On Wednesday 29 February 2012 19:18:00 Carsten Krüger wrote:
> > If openvpn.exe is started in the user's context the user can manipulate it in
> > RAM arbitrarily.
>
> Example:
> http://blog.didierstevens.com/2009/06/25/bpmtk-injecting-vbscript/
> (great blog about process manipulation :-) )

Took a look, neat tool. In the same blog the author mentions that integrity levels, introduced in Vista, can be used to circumvent DLL injection. If that works out, all that is needed is the service increasing the token's integrity level before starting openvpn and the user will have limited access to the running openvpn process.

http://blog.didierstevens.com/2010/09/07/integrity-levels-and-dll-injection/

Of course this only makes sense if the ongoing discussion about whether setting routes via --route config option comes to the conclusion "no". I'll follow up to Fabian about that.

Heiko
-- 
Heiko Hund | Software Engineer | Phone +49-721-25516-237 | Fax -200
Astaro a Sophos Company | Amalienbadstr. 41 Bau 52 | 76227 Karlsruhe | Germany
Commercial Register: Mannheim HRA 702710 | Headquarter Location: Karlsruhe

Represented by the General Partner Astaro Verwaltungs GmbH
Amalienbadstraße 41 Bau 52 | 76227 Karlsruhe | Germany
Commercial Register: Mannheim HRB 708248 | Executive Board: Gert Hansen,
Markus Hennig, Jan Hichert, Günter Junk, Dr. Frank Nellissen
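
The step proposed in the message above, a service raising the token's integrity level before starting openvpn, could look like the following sketch. It is an added example, not code from this thread or from OpenVPN; `integrity_sid` and `start_labelled` are hypothetical names, and the service account is assumed to hold the privileges needed to raise a label and assign a primary token (LocalSystem does).

```c
/* Added example; function names are hypothetical, not OpenVPN code. */
#include <stdio.h>
#include <string.h>

/* Integrity RIDs as defined in winnt.h (SECURITY_MANDATORY_*_RID). */
#define IL_MEDIUM 0x2000UL   /* normal user processes */
#define IL_HIGH   0x3000UL   /* elevated processes */

/* Format the integrity-level SID "S-1-16-<rid>"; returns 0 on success. */
int integrity_sid(unsigned long rid, char *out, size_t n)
{
    int len = snprintf(out, n, "S-1-16-%lu", rid);
    return (len > 0 && (size_t)len < n) ? 0 : -1;
}

#ifdef _WIN32   /* Vista or later SDK */
#include <windows.h>
#include <sddl.h>

/* Called in the service: start cmdline under the user's token, but with
 * the token (and thus the new process object) labelled at level `rid`. */
BOOL start_labelled(HANDLE user_token, unsigned long rid, LPSTR cmdline,
                    PROCESS_INFORMATION *pi)
{
    char sid_str[32];
    HANDLE tok = NULL;
    PSID sid = NULL;
    TOKEN_MANDATORY_LABEL tml = {0};
    STARTUPINFOA si = {0};
    BOOL ok = FALSE;

    si.cb = sizeof(si);
    if (integrity_sid(rid, sid_str, sizeof(sid_str)) != 0) return FALSE;
    /* Work on a copy so the user's own logon token stays unchanged. */
    if (!DuplicateTokenEx(user_token, MAXIMUM_ALLOWED, NULL,
                          SecurityImpersonation, TokenPrimary, &tok)) goto done;
    if (!ConvertStringSidToSidA(sid_str, &sid)) goto done;
    tml.Label.Sid = sid;
    tml.Label.Attributes = SE_GROUP_INTEGRITY;
    if (!SetTokenInformation(tok, TokenIntegrityLevel, &tml,
                             sizeof(tml) + GetLengthSid(sid))) goto done;
    ok = CreateProcessAsUserA(tok, NULL, cmdline, NULL, NULL, FALSE, 0,
                              NULL, NULL, &si, pi);
done:
    if (sid) LocalFree(sid);
    if (tok) CloseHandle(tok);
    return ok;
}
#endif
```

With the default no-write-up policy, a medium-integrity process of the same user is then refused write access to the higher-labelled openvpn process; a user who can run elevated (high integrity) code is not constrained by an `IL_HIGH` label.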