I do not understand either. If you run OpenVPN from unprivileged user from startup, this apposed of letting OpenVPN to setuid(), what do you need to protect in middle of operation?
On Tue, Jul 28, 2009 at 11:33 AM, Sebastien Raveau<sebastien.rav...@epita.fr> wrote: > I'm not sure I understand you... > > As I explained in > http://article.gmane.org/gmane.network.openvpn.devel/2700 it is indeed > possible to apply SELinux "from the outside" of a program, like > chroot, and just like chroot doing that is less efficient and less > practical. > > On Tue, Jul 28, 2009 at 10:18 AM, Alon Bar-Lev<alon.bar...@gmail.com> wrote: >> Do that. >> But as in this case OpenVPN does not run under privilege account at >> any time, you can do this simply without any selinux code into VPN. >> >> On Tue, Jul 28, 2009 at 11:12 AM, Sebastien >> Raveau<sebastien.rav...@epita.fr> wrote: >>> On Tue, Jul 28, 2009 at 9:59 AM, Alon Bar-Lev<alon.bar...@gmail.com> wrote: >>>> Why don't you use openvpn in completely unprivileged mode? >>>> Look at [1] search for Unprivileged mode. >>>> [1] >>>> http://openvpn.net/index.php/open-source/documentation/howto.html#security >>> >>> What makes you think I don't already? :-) >>> >>> I do, and it is *not* sufficient as this does not protect against >>> kernel exploits. If a hacker manages to perform remote code execution >>> in OpenVPN and thus exploit a vulnerable system call, (s)he obtains >>> kernel privileges and all of a sudden all your setuid, chroot etc are >>> useless... >>> >>> This can be countered with SELinux (and equivalents such as >>> GRSecurity, RSBAC, LIDS etc) basically by applying access control on >>> system calls. >>> >>> >>> Kind regards, >>> >>> -- >>> Sebastien Raveau >>> >> > > > > -- > Sebastien Raveau >
