Hi,

On Wed, Feb 29, 2012 at 07:43:18PM +0100, Carsten Krüger wrote:
> > Part of the assumption here is "the user controls the openvpn config",
> > and as such, he can make openvpn.exe run arbitrary scripts anyway - and
> > to stop this from being a problem, just run openvpn.exe with your uid.
>
> What operation could be in script that is useful when it's executed
> in user context.
>
> I never used script with openvpn. I've no idea which are real world
> applications for it.

Scripts are for creative uses that the programmers of openvpn have not
foreseen. Like "after the VPN is up, auto-sync all your git repositories"
or "open up a few xterms with ssh's to $internalhosts". David had some
other idea recently, which I forgot.

I use scripts for routing table changes on the OpenVPN *server* side
(dynamic "route" behaviour). But that's a bad example because it wouldn't
work in the "openvpn and all its script children are not privileged".

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany
g...@greenie.muc.de
fax: +49-89-35655025
g...@net.informatik.tu-muenchen.de