Hi, On Mon, Feb 08, 2016 at 01:12:37AM +0500, ???????? ?????????????? wrote: > there's still "Start OpenVPN directly" > > https://github.com/OpenVPN/openvpn-gui/blob/master/openvpn.c#L724 > > in such case admin rights are still required for routes manipulation.
In this case, it would just not work.
There's basically four cases:
- you have no admin rights and use the iservice -> works
- you have admin rights and do not use the iservice -> works
- you have no admin rights and use *tap* with no routes and no v6 -> works
- it does not work
I do not see a real problem here. If you do not want to use the iservice,
you need to either have admin rights or stick to tap, done.
> maybe we should release two installers (or make a checkbox in installer?)
>
> 1) regular mode (with highest priv manifest)
> 2) paranoya mode (without highest priv)
>
>
> those who really care will choose whatever they want to
Where would the benefit in refusing to use the iservice and sticking to
"highest priv manifest"? All you get by doing this is "larger exposed
surface to exploitable bugs, as more code has to run with elevated privs"
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
signature.asc
Description: PGP signature
