Hi Alberto,

> I'd like to ask for a couple of features (little ones) added to OpenVPN.
> Comments welcomed.
>
> 1) OpenVPN should refuse to start a connection based on shared secret
> when the file containing that key is world readable (or writable).
> Paranoia won't even like group readable :-)
> Really, that's an important piece (the most?) in that kind of VPN, we
> don't want it to be public. Just imagine a (non-chrooted) anonymous
> ftp server, a badly configured web server/cgi-script, a malicious user,...
Good idea, however what if someone doesn't want to deal with the protections on every file and instead just eliminates group/world access to the key directory? Therefore, erring on the individual file protections could create a false sense of paranoia?

> 2) Each OpenVPN daemon should delete its pidfile when stopping, since it
> was that very same daemon that created it.
> It makes no sense to have the init.d scripts deleting these files (and
> stopping nonexistent daemons) since the daemon could have been killed
> before the init.d script tried to stop it.

The complication here is that a lot of people will want to downgrade privilege using --user and/or --group. That means that when an OpenVPN daemon is ready to exit, it might lack the privilege to delete its own pidfile. I've seen other daemons deal with this by chowning the pid file to the user/group that the daemon plans to setuid/setgid to.

Having said that, I think both ideas are worth doing.

Thanks,
James
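One way to implement the key-file permission check discussed in this thread, while honouring James's point that a locked-down key directory can stand in for per-file protections. This is an added example and not OpenVPN's own code; the function names, the status codes and the `/tmp` demo location are this example's own choices.

```c
/* Added example, not OpenVPN code: is a shared-secret key file reachable by
 * anyone but its owner? Considers the parent directory, as James suggests. */
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <libgen.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum key_status { KEY_ERROR = -1, KEY_OK = 0, KEY_DIR_ONLY = 1, KEY_EXPOSED = 2 };
#define GO_BITS   (S_IRWXG | S_IRWXO)   /* group/other access to the file */
#define GO_SEARCH (S_IXGRP | S_IXOTH)   /* group/other may traverse the dir */

enum key_status key_file_exposure(const char *path)
{
    struct stat st, dst;
    char copy[PATH_MAX];

    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return KEY_ERROR;
    if ((st.st_mode & GO_BITS) == 0)
        return KEY_OK;                   /* the file itself is private */
    /* File bits are loose, but an unsearchable parent directory still
     * shields it. dirname() may modify its argument, so use a copy. */
    snprintf(copy, sizeof copy, "%s", path);
    if (stat(dirname(copy), &dst) != 0)
        return KEY_ERROR;
    return (dst.st_mode & GO_SEARCH) ? KEY_EXPOSED : KEY_DIR_ONLY;
}

/* Demo helper: build a throwaway key file with the given modes in a fresh
 * temp directory, run the check, clean up, and return the verdict. */
enum key_status demo_check(mode_t file_mode, mode_t dir_mode)
{
    char dir[] = "/tmp/keychkXXXXXX", key[PATH_MAX];
    int fd;
    if (mkdtemp(dir) == NULL)
        return KEY_ERROR;
    snprintf(key, sizeof key, "%s/static.key", dir);
    if ((fd = open(key, O_WRONLY | O_CREAT | O_EXCL, 0600)) < 0)
        return KEY_ERROR;
    fchmod(fd, file_mode);               /* explicit mode, not subject to umask */
    close(fd);
    chmod(dir, dir_mode);
    enum key_status r = key_file_exposure(key);
    chmod(dir, 0700); unlink(key); rmdir(dir);   /* restore access, then clean up */
    return r;
}
```

A daemon would treat `KEY_EXPOSED` as a refusal to start and `KEY_DIR_ONLY` as, at most, a warning, since the directory already keeps non-owners out.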