Hi, On Fri, Feb 05, 2016 at 01:44:38PM +0800, Daniel Sim wrote: > May I ask a more generic question about the implementation of the > interactive service? > > So I understand that the patch allows clients to instruct the service to > modify the routing table.
Yes and no. It allows clients to instruct the service to run OpenVPN
on a pre-installed config file - and the service will pass a pipe handle
to OpenVPN on which it's willing to receive route change instructions.
Part of the discussion we had was to have a checkbox at installation time
that restricts the service to only run .ovpn profiles from a well-defined
and admin-only-writeable directory (and also change the argument handling
between gui and service to refuse to accept arbitrary command line
arguments).
> In short, it allows ordinary users (since any
> program could impersonate the openvpn client) to modify the routing table.
Not by impersonating the openvpn client, but by running a "rogue profile"
via true openvpn - but for your c&c example, you need more than "just
routing" anyway.
[..]
> Wouldn't it be better as debbie10t suggested to restrict ordinary users to
> only the VPN configurations that are permitted by the administrator?
Which is the plan.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
signature.asc
Description: PGP signature
