On Wednesday 29 February 2012 16:59:03 Fabian Knittel wrote:
> If users can manipulate their openvpn session to do whatever they want
> they can also manipulate what gets sent over the named pipe. (I'm not
> necessarily talking about malformed messages; I'm talking about
> manipulating the routing tables, etc. to contain arbitrary settings.)

That's good thinking there. I've ignored the fact that one can simply add
--route options to the config. However, I just checked the man page: these
routes will get set after a connection is established. So this can't be used
to manipulate the routing table without establishing a connection first.

The whole point of this exercise is to keep users from setting arbitrary
routes without openvpn having its fingers in the process. So, I think this is
the best we can do here; in the end we want openvpn to be able to set routes.

> Either I'm misunderstanding Heiko's plans or you two aren't in sync
> regarding this point. AFAIU, Heiko intends to safe-guard access to the
> named pipe as much as possible, with the underlying assumption that
> only a trusted OpenVPN process should be allowed to send somewhat
> trusted commands over the pipe.

We're slightly out of sync. I do believe we should protect the elevation pipe
as well as possible, just to make it harder to sneak in a route.

> In my opinion, this implies that the
> openvpn config would need to be restricted to safe settings in some
> way. I'm not (yet?) convinced that this approach can be secure without
> crippling the type of tunnels that you can create.

Well, it's kind of hard to determine what's a safe setting here. Even if the
local configs are safely locked down, one can still just add --route options
to the command line. I guess it's a general discussion if --route on the
client is defined as "secure because we said so" or if it should be removed.
Is there a use case for --route on the client?

Heiko
-- 
Heiko Hund | Software Engineer | Phone +49-721-25516-237 | Fax -200
Astaro a Sophos Company | Amalienbadstr. 41 Bau 52 | 76227 Karlsruhe | Germany
Commercial Register: Mannheim HRA 702710 | Headquarter Location: Karlsruhe
Represented by the General Partner Astaro Verwaltungs GmbH
Amalienbadstraße 41 Bau 52 | 76227 Karlsruhe | Germany
Commercial Register: Mannheim HRB 708248 | Executive Board: Gert Hansen,
Markus Hennig, Jan Hichert, Günter Junk, Dr. Frank Nellissen