Hi, On Wed, Feb 29, 2012 at 04:28:31PM +0100, Fabian Knittel wrote: > To ensure this in classic Linux this would mean that the OpenVPN > process needs to run as a _different_ user than the GUI user or else > the GUI user could freely manipulate the program using, e.g. ptrace. I > know that similar manipulations are possible in Windows, so can you > protect the service-started OpenVPN-executable from such > manipulations?
The model we follow is "openvpn.exe has the same permissions that you
already have, so there is no benefit in manipulating anything".
For those bits that need additional privileges, there's the named pipe
to the openvpn service - with some very well-defined messages to
add/delete routes, setup interfaces, and such.
Part of the assumption here is "the user controls the openvpn config",
and as such, he can make openvpn.exe run arbitrary scripts anyway - and
to stop this from being a problem, just run openvpn.exe with your uid.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
pgphHNgxK1RF6.pgp
Description: PGP signature
