Re: [Openvpn-devel] route-up and iproute plugins

2011-04-16 Thread Alon Bar-Lev 
I don't understand the "more secure" argument.
But you can write less secured suid iproute2 ip utility replacement
which can do whatever you like if the sudo is your problem.

On Sat, Apr 16, 2011 at 1:57 AM, Mr Dash Four
 wrote:
>
> Is there a plugin allowing me to run "route-up" and "iproute"
> (replacement) scripts taking advantage of the split privilege execution?
>
> I know there is down-root which allows a "down" script to be executed in
> this fashion, but I am not sure I could find a similar one for the above
> two scripts.
>
> The reason I am asking this is two-fold: currently I have to install the
> sudo package, configure it and include sudo commands in the above 2
> scripts in order to avoid route/ip commands being executed in
> unprivileged environment. While this works well, I'd much rather have
> everything better organised (and more secure) within OpenVPN.
>
> I've had a (very) quick look at down-root.c and openvpn-plugin.h files
> and it seems possible to use those as a template to write 2 additional
> plugins dealing with those two scripts, though I do not wish to reinvent
> the wheel if there are already in existence or if there is an easier way
> of doing this (if at all possible).
>
> Many thanks in advance!
>
> --
> Benefiting from Server Virtualization: Beyond Initial Workload
> Consolidation -- Increasing the use of server virtualization is a top
> priority.Virtualization can reduce costs, simplify management, and improve
> application availability and disaster protection. Learn more about boosting
> the value of server virtualization. http://p.sf.net/sfu/vmware-sfdev2dev
> ___
> Openvpn-devel mailing list
> Openvpn-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] route-up and iproute plugins

2011-04-15 Thread Mr Dash Four 
Is there a plugin allowing me to run "route-up" and "iproute" 
(replacement) scripts taking advantage of the split privilege execution?


I know there is down-root which allows a "down" script to be executed in 
this fashion, but I am not sure I could find a similar one for the above 
two scripts.


The reason I am asking this is two-fold: currently I have to install the 
sudo package, configure it and include sudo commands in the above 2 
scripts in order to avoid route/ip commands being executed in 
unprivileged environment. While this works well, I'd much rather have 
everything better organised (and more secure) within OpenVPN.


I've had a (very) quick look at down-root.c and openvpn-plugin.h files 
and it seems possible to use those as a template to write 2 additional 
plugins dealing with those two scripts, though I do not wish to reinvent 
the wheel if there are already in existence or if there is an easier way 
of doing this (if at all possible).


Many thanks in advance!