[Openvpn-devel] [XS] Change in openvpn[master]: Require script-security 2 when using unix: tun

Tue, 13 Jan 2026 00:47:46 -0800 

cron2 has uploaded a new patch set (#2) to the change originally created by 
plaisthos. ( http://gerrit.openvpn.net/c/openvpn/+/1465?usp=email )

The following approvals got outdated and were removed:
Code-Review+2 by flichtenheld


Change subject: Require script-security 2 when using unix: tun
......................................................................

Require script-security 2 when using unix: tun

Since this executes an executable from an arbitrary path, it should follow
the same rules as other scripts/executable.

Reported-By: Petr Simecek, Pavel Kohout and Stanislav Fort from Aisle Research
Change-Id: I89dcab24ba510094ce1672e382960bf15def310a
Signed-off-by: Arne Schwabe <[email protected]>
Acked-by: Frank Lichtenheld <[email protected]>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1465
Message-Id: <[email protected]>
URL: 
https://www.mail-archive.com/[email protected]/msg35223.html
Signed-off-by: Gert Doering <[email protected]>
---
M src/openvpn/tun_afunix.c
1 file changed, 4 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/65/1465/2

diff --git a/src/openvpn/tun_afunix.c b/src/openvpn/tun_afunix.c
index c410480..a67a472 100644
--- a/src/openvpn/tun_afunix.c
+++ b/src/openvpn/tun_afunix.c
@@ -61,7 +61,10 @@

     argv_printf(&argv, "%s", program);

-    tt->afunix.childprocess = openvpn_execve_check(&argv, env, S_NOWAITPID, 
msgprefix);
+    /* exit when executing fails to easier spot errors here and treat this
+     * command like an external script */
+    int flags = S_NOWAITPID | S_SCRIPT | S_FATAL;
+    tt->afunix.childprocess = openvpn_execve_check(&argv, env, flags, 
msgprefix);
     if (!openvpn_waitpid_check(tt->afunix.childprocess, msgprefix, M_WARN))
     {
         tt->afunix.childprocess = 0;

--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1465?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings?usp=email

Gerrit-MessageType: newpatchset
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I89dcab24ba510094ce1672e382960bf15def310a
Gerrit-Change-Number: 1465
Gerrit-PatchSet: 2
Gerrit-Owner: plaisthos <[email protected]>
Gerrit-Reviewer: flichtenheld <[email protected]>
Gerrit-CC: openvpn-devel <[email protected]>

_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel






















					Reply via email to