Hi,

On Sun, Nov 29, 2020 at 9:59 PM Jason A. Donenfeld wrote:
> On Sun, Nov 29, 2020 at 8:44 PM Phillip McMahon
> <phillip.mcma...@gmail.com> wrote:
> > Won't drag this already long and confusing thread out. Not challenging
> > the current implementation, just the notion that any other suggestion
> > is a dead end and the topic is closed.
>
> Alright. Well, if you do think of good reasons why NCO is not a good
> match for unpriv'd WireGuard control, please let me know. The whole
> basis of going that route is the apparent intuition that these two
> types of things, network modification and tunnel up/down, are one and
> the same. But if you have in mind a way where the analogy breaks down,
> that'd be very interesting to learn and would potentially be grounds
> for changing course.

We provision a lot of road warrior laptops, where users are not admins. They can of course use 5G, WiFi or LAN as required and have to be able to switch the VPN tunnel on/off. If working from our office, for example, they do not need the VPN due to an existing site-to-site VPN connection. So they need to turn it off by themselves. That's why the feature makes a lot of sense in my humble opinion.

However, any member of the local "Network Configuration Operators" group is not only able to activate the WireGuard tunnel but also to

- disable any firewall rules
- add any new firewall rules
- disable the whole firewall by changing the default to allow all incoming
- change IP address / DNS settings on any interface

I think that adding an otherwise unprivileged user to the NCO group just for activating a preconfigured vpn tunnel might pose security issues in other areas.


> Jason


Regards

--
Fabian
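As an added example (not part of the thread, not WireGuard project code), a PowerShell audit that a defender can run on a provisioned laptop to see who has been placed in the local "Network Configuration Operators" group, whether those accounts are already administrators, and the current firewall profile state that any such member could change. It assumes PowerShell 5.1 or later with the Microsoft.PowerShell.LocalAccounts and NetSecurity modules, both shipped with Windows 10/11.

```powershell
# Added example: audit local NCO group membership and firewall profile state.
# Assumes the LocalAccounts and NetSecurity modules available on Windows 10/11.
$ncoGroup = 'Network Configuration Operators'

# SIDs of local administrators, so we can tell which NCO members gain new capability
$adminSids = Get-LocalGroupMember -Group 'Administrators' |
    Select-Object -ExpandProperty SID

# Every NCO member: users, domain groups, or nested local groups
$ncoMembers = Get-LocalGroupMember -Group $ncoGroup

if (-not $ncoMembers) {
    Write-Output "No members in '$ncoGroup'."
}

foreach ($member in $ncoMembers) {
    $alreadyAdmin = $adminSids -contains $member.SID
    [pscustomobject]@{
        Member       = $member.Name
        ObjectClass  = $member.ObjectClass      # User or Group
        Source       = $member.PrincipalSource  # Local, ActiveDirectory, AzureAD
        AlreadyAdmin = $alreadyAdmin
        # A non-admin in NCO can alter firewall rules and interface IP/DNS settings,
        # which is the privilege scope the thread is concerned about.
        Finding      = if ($alreadyAdmin) { 'No additional privilege' }
                       else { 'Non-admin with network and firewall control' }
    }
}

# Firewall profiles and default inbound action: an NCO member can change these,
# so record the baseline to compare against later.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction
```

Run it elevated so that group membership resolves for domain principals; the output can be exported with Export-Csv and diffed between provisioning and later inventory runs.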
