Re: [Openvpn-devel] [PATCHv2 1/2] make non-blocking connect work on Windows

2012-07-18 Thread Alon Bar-Lev
I had time to look at the code, what I don't understand is how come we work none blocking and do not test for EWOULDBLOCK at other places... If I get it right, at least after send() we can get EWOULDBLOCK even if select() returned we have free buffers. On Wed, Jul 18, 2012 at 7:20 AM, Alon

Re: [Openvpn-devel] [PATCH] plugin: load plugin relative to plugindir

2012-07-18 Thread Jonathan K. Bullard
On Wed, Jul 18, 2012 at 10:10 AM, David Sommerseth < openvpn.l...@topphemmelig.net> wrote: > * The computer is configured to allow OpenVPN to run without root > password > Yes. The vulnerability requires configuring the computer to allow *the user*to start OpenVPN *as root* without entering

Re: [Openvpn-devel] [PATCH] plugin: load plugin relative to plugindir

2012-07-18 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 18/07/12 14:44, Jonathan K. Bullard wrote: > On Tue, Jun 26, 2012 at 1:05 PM, Alon Bar-Lev > > wrote: > > Currently openvpn requires/endorses specifying full path in plugin > parameter. As

Re: [Openvpn-devel] [PATCH] plugin: load plugin relative to plugindir

2012-07-18 Thread Jonathan K. Bullard
On Wed, Jul 18, 2012 at 9:37 AM, Alon Bar-Lev wrote: > Nobody disables the absolute path use. > This patch permits relative use. > I'm sorry, I misunderstood. So a relative path will now be interpreted as relative to the plugins directory specified a build time, rather

Re: [Openvpn-devel] [PATCH] plugin: load plugin relative to plugindir

2012-07-18 Thread Alon Bar-Lev
Nobody disables the absolute path use. This patch permits relative use. On Wed, Jul 18, 2012 at 3:44 PM, Jonathan K. Bullard wrote: > On Tue, Jun 26, 2012 at 1:05 PM, Alon Bar-Lev wrote: >> >> Currently openvpn requires/endorses specifying full path

Re: [Openvpn-devel] [PATCH] plugin: load plugin relative to plugindir

2012-07-18 Thread Alon Bar-Lev
On Wed, Jul 18, 2012 at 4:34 PM, Alon Bar-Lev wrote: > Hi! > > On Wed, Jul 18, 2012 at 2:44 PM, Heiko Hund wrote: >> Hi Alon >> >> On Tuesday 26 June 2012 20:05:02 Alon Bar-Lev wrote: >>> Currently openvpn requires/endorses specifying full path in

Re: [Openvpn-devel] [PATCH] plugin: load plugin relative to plugindir

2012-07-18 Thread Alon Bar-Lev
Hi! On Wed, Jul 18, 2012 at 2:44 PM, Heiko Hund wrote: > Hi Alon > > On Tuesday 26 June 2012 20:05:02 Alon Bar-Lev wrote: >> Currently openvpn requires/endorses specifying full path in plugin >> parameter. > > Specifying a custom full path is probably something we need to

Re: [Openvpn-devel] New build system questions

2012-07-18 Thread Alon Bar-Lev
On Wed, Jul 18, 2012 at 4:26 PM, David Sommerseth > Agreed, this sounds like a feature regression. > > Dynamic loading requires dlopen() and such (provided by libdl) and > when compiled non-static, all this dlopen() stuff happens > automatically, as the linker have instructed the binary what to

Re: [Openvpn-devel] New build system questions

2012-07-18 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 18/07/12 15:00, Jonathan K. Bullard wrote: > On Mon, Jul 16, 2012 at 12:45 PM, Alon Bar-Lev > wrote: >> (3) I want to build "compat" as a static library. How can I do >> that? You don't need the above... just add >>

Re: [Openvpn-devel] New build system questions

2012-07-18 Thread Jonathan K. Bullard
On Mon, Jul 16, 2012 at 12:45 PM, Alon Bar-Lev wrote: > > (1) Is there a way to disable building "openvpnserv" and the "auth-pam" > > plugin? > --disable-plugin-auth-pam > Thanks. I have found the configure documentation. However, I can't get it to do what I want it to do:

Re: [Openvpn-devel] [PATCH] plugin: load plugin relative to plugindir

2012-07-18 Thread Jonathan K. Bullard
On Tue, Jun 26, 2012 at 1:05 PM, Alon Bar-Lev wrote: > Currently openvpn requires/endorses specifying full path in plugin > parameter. As build system already aware of plugin location, it is > possible to load plugin relative to this directory, so full path is not >

Re: [Openvpn-devel] [PATCH] plugin: load plugin relative to plugindir

2012-07-18 Thread Heiko Hund
On Wednesday 18 July 2012 13:44:41 Heiko Hund wrote: > code injection when openvpn is not running as another user or has access to Scratch the "not" please, typo. Heiko -- Heiko Hund | Sr. Software Engineer | Tel +49-721-25516-237 | Fax -200 SOPHOS NSG | Amalienbadstr. 41 Bau 52 | 76227

Re: [Openvpn-devel] [PATCH] plugin: load plugin relative to plugindir

2012-07-18 Thread Heiko Hund
Hi Alon On Tuesday 26 June 2012 20:05:02 Alon Bar-Lev wrote: > Currently openvpn requires/endorses specifying full path in plugin > parameter. Specifying a custom full path is probably something we need to ban in the (near) future, as it imposes an attack vector for privilege escalation by