Re: [Openvpn-devel] [PATCH v6 4/7] wintun: ring buffers based I/O

2019-12-16 Thread Selva Nair
Hi, On Mon, Dec 16, 2019 at 5:18 PM Simon Rozman wrote: > > Hi, > > TLDR: > (i) stealing SYSTEM access from winlogon.exe is not a good thing to do > > > > This doesn't happen for the majority of use cases - only when iservice is not > used. We also > elevate only for the single DeviceIOControl c

Re: [Openvpn-devel] [PATCH v6 4/7] wintun: ring buffers based I/O

2019-12-16 Thread Selva Nair
Hi On Mon, Dec 16, 2019 at 4:31 PM Lev Stipakov wrote: >> >> I have already said what I think of it. As an admin I wouldn't like to see >> users running processes that elevate to SYSTEM like this. > > > Would it be too much if > > - openvpn.exe process detects that it is not started by interacti

Re: [Openvpn-devel] [PATCH v6 4/7] wintun: ring buffers based I/O

2019-12-16 Thread Simon Rozman
Hi, >>> TLDR: >>> (i) stealing SYSTEM access from winlogon.exe is not a good thing to do >> >> >> This doesn't happen for the majority of use cases - only when iservice is >> not used. We also >> elevate only for the single DeviceIOControl call. > > I understand. But stealing access token from

Re: [Openvpn-devel] [PATCH v6 4/7] wintun: ring buffers based I/O

2019-12-16 Thread Lev Stipakov
> > I have already said what I think of it. As an admin I wouldn't like to see > users running processes that elevate to SYSTEM like this. > Would it be too much if - openvpn.exe process detects that it is not started by interactive service - interactive service process is running - wintun is

Re: [Openvpn-devel] [PATCH v6 4/7] wintun: ring buffers based I/O

2019-12-16 Thread Selva Nair
Hi On Mon, Dec 16, 2019 at 3:01 PM Lev Stipakov wrote: > > Hi, > > Thanks for looking into this. See my comments below. > >> TLDR: >> (i) stealing SYSTEM access from winlogon.exe is not a good thing to do > > > This doesn't happen for the majority of use cases - only when iservice is not > used.

Re: [Openvpn-devel] [PATCH v6 4/7] wintun: ring buffers based I/O

2019-12-16 Thread Lev Stipakov
Hi, Thanks for looking into this. See my comments below. TLDR: > (i) stealing SYSTEM access from winlogon.exe is not a good thing to do > This doesn't happen for the majority of use cases - only when iservice is not used. We also elevate only for the single DeviceIOControl call. Below you menti

[Openvpn-devel] OpenVPN 3 Linux client - v7 beta released

2019-12-16 Thread David Sommerseth
Hi, The OpenVPN 3 Linux v7 beta release has finally arrived, overdue for several months. This is available in our git repositories [0] and URLs for source tarballs are listed later in this e-mail. We have pre-built binaries for the following Linux distributions: * Fedora 29, 30, 31 and Rawh

Re: [Openvpn-devel] [PATCH v6 4/7] wintun: ring buffers based I/O

2019-12-16 Thread Selva Nair
Hi, I was reluctant to review this as I do not understand the event processing in OpenVPN well enough. Now that Steffan has reviewed those bits and given an Ack, here are some comments on the rest of the code. TLDR: (i) stealing SYSTEM access from winlogon.exe is not a good thing to do (ii) with

[Openvpn-devel] [PATCH v7 4/7] wintun: ring buffers based I/O

2019-12-16 Thread Lev Stipakov
From: Lev Stipakov Implemented according to Wintun documentation and reference client code. Wintun uses ring buffers to communicate between kernel driver and user process. Client allocates send and receive ring buffers, creates events and passes it to kernel driver under LocalSystem privileges.