James Yonan wrote:
Alberto,
By default, the OpenVPN client doesn't accept pushed options from the
server unless "pull" or "client" is specified. The idea is that once
you agree to accept configuration info from the server, you are trusting
(to a certain extent) in its integrity, so there are limits in how far
the client can be protected against a server which successfully
authenticates at the SSL/TLS level, but then turns out to be malicious.
But Hendrik has a point in that you might want that trust to be
finer-grained -- you might want to accept routes pushed from a server,
but not a setenv (which could potentially be abused).
Hmm. I actually like Hendrik's proposed solution -- allowing setenv by
default, but only to a subset of the possible namespace (by prefixing
variable names). Any reason you're leaning towards disabling setenv
altogether unless explicitly allowed?
