I had time to look at the code, what I don't understand is how come we
work none blocking and do not test for EWOULDBLOCK at other places...
If I get it right, at least after send() we can get EWOULDBLOCK even
if select() returned we have free buffers.
On Wed, Jul 18, 2012 at 7:20 AM, Alon
On Wed, Jul 18, 2012 at 10:10 AM, David Sommerseth <
openvpn.l...@topphemmelig.net> wrote:
> * The computer is configured to allow OpenVPN to run without root
> password
>
Yes. The vulnerability requires configuring the computer to allow *the
user*to start OpenVPN
*as root* without entering
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 18/07/12 14:44, Jonathan K. Bullard wrote:
> On Tue, Jun 26, 2012 at 1:05 PM, Alon Bar-Lev
> > wrote:
>
> Currently openvpn requires/endorses specifying full path in plugin
> parameter. As
On Wed, Jul 18, 2012 at 9:37 AM, Alon Bar-Lev wrote:
> Nobody disables the absolute path use.
> This patch permits relative use.
>
I'm sorry, I misunderstood. So a relative path will now be interpreted as
relative to the plugins directory specified a build time, rather
Nobody disables the absolute path use.
This patch permits relative use.
On Wed, Jul 18, 2012 at 3:44 PM, Jonathan K. Bullard
wrote:
> On Tue, Jun 26, 2012 at 1:05 PM, Alon Bar-Lev wrote:
>>
>> Currently openvpn requires/endorses specifying full path
On Wed, Jul 18, 2012 at 4:34 PM, Alon Bar-Lev wrote:
> Hi!
>
> On Wed, Jul 18, 2012 at 2:44 PM, Heiko Hund wrote:
>> Hi Alon
>>
>> On Tuesday 26 June 2012 20:05:02 Alon Bar-Lev wrote:
>>> Currently openvpn requires/endorses specifying full path in
Hi!
On Wed, Jul 18, 2012 at 2:44 PM, Heiko Hund wrote:
> Hi Alon
>
> On Tuesday 26 June 2012 20:05:02 Alon Bar-Lev wrote:
>> Currently openvpn requires/endorses specifying full path in plugin
>> parameter.
>
> Specifying a custom full path is probably something we need to
On Wed, Jul 18, 2012 at 4:26 PM, David Sommerseth > Agreed, this
sounds like a feature regression.
>
> Dynamic loading requires dlopen() and such (provided by libdl) and
> when compiled non-static, all this dlopen() stuff happens
> automatically, as the linker have instructed the binary what to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 18/07/12 15:00, Jonathan K. Bullard wrote:
> On Mon, Jul 16, 2012 at 12:45 PM, Alon Bar-Lev
> wrote:
>> (3) I want to build "compat" as a static library. How can I do
>> that? You don't need the above... just add
>>
On Mon, Jul 16, 2012 at 12:45 PM, Alon Bar-Lev wrote:
> > (1) Is there a way to disable building "openvpnserv" and the "auth-pam"
> > plugin?
> --disable-plugin-auth-pam
>
Thanks. I have found the configure documentation. However, I can't get it
to do what I want it to do:
On Tue, Jun 26, 2012 at 1:05 PM, Alon Bar-Lev wrote:
> Currently openvpn requires/endorses specifying full path in plugin
> parameter. As build system already aware of plugin location, it is
> possible to load plugin relative to this directory, so full path is not
>
On Wednesday 18 July 2012 13:44:41 Heiko Hund wrote:
> code injection when openvpn is not running as another user or has access to
Scratch the "not" please, typo.
Heiko
--
Heiko Hund | Sr. Software Engineer | Tel +49-721-25516-237 | Fax -200
SOPHOS NSG | Amalienbadstr. 41 Bau 52 | 76227
Hi Alon
On Tuesday 26 June 2012 20:05:02 Alon Bar-Lev wrote:
> Currently openvpn requires/endorses specifying full path in plugin
> parameter.
Specifying a custom full path is probably something we need to ban in the
(near) future, as it imposes an attack vector for privilege escalation by
13 matches
Mail list logo