> Version : 0.0~git20170129.72dd7f6-1 > Upstream Author : Adhityaa C <c.adhit...@gmail.com> > * URL : https://github.com/adtac/autovpn .. > autovpn is a tool to automatically connect you to a random VPN > in a country of your choice. It uses openvpn to connect you to a server > obtained from VPN Gate (http://www.vpngate.net/en/).
I'd strongly urge you to reconsider packaging this project, for three main reasons: * It relies upon the external VPNGate.net site/service. If this goes away in the lifetime of a stable Debian release users will be screwed. * It allows security attacks against the local system, which other users on the host could exploit via symlink attacks on /tmp/openvpnconf * It allows security attacks on against the local system which the remote service could exploit: 1. The tool downloads a remote URL to /tmp/openvpnconf 2. The file is then given as an argument to the command: sudo openvpn /tmp/openvpnconf 3. That generated/downloaded openvpn configuration file could be written to do anything, up to and including `rm -rf /`. > A small tool that comes handy in particular for people who travel a lot. Will > be maintained in the go-team. Finally the project itself notes: "This is completely insecure. Please do not use this for anything important. Get a real and secure VPN. This is mostly a fun tool to get a VPN for a few minutes." Steve --