Il 24/08/2016 16:25, Jan Just Keijser ha scritto:

>> Iservice works like this (we have a documentation page coming, but that's
>> not there yet)
>>   - the GUI runs as "me" (gert)
>>   - the iservice runs as "local service", maximum privileges
>>   - the GUI connects to the iservice, and asks it "run openvpn.exe with
>>     the following arguments, using the credentials of the user the GUI
>> runs
>>     with" (windows can do this - pass credentials across a pipe, which
>> you
>>     can't fake)
>>   - the iservice forks openvpn.exe, and runs this as user (gert), and
>>     keeps a "service pipe" between iservice and openvpn.exe
>>   - if openvpn.exe wants to do ifconfig/route/dns stuff, it sends these
>>     as requests over the service pipe to the iservice, who will then
>>     execute them (and clean up should openvpn crash)
>>   - --up scripts are run by openvpn.exe itself, which is already running
>>     as "gert", so, all privileges are nicely in place
>> so this cannot be used anymore for privilege escalation to admin (by
>> running an --up script from openvpn which is run-as-admin).
> thanks for your explanation - all clear to me now. All we have to do now
> is to document this and add some tests to the buildbot ;)

And why have perfectly good explanation get lost in the depths of a 
mailing list archive:


Feel free to improve further :)

Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock

Openvpn-devel mailing list

Reply via email to