What if we determine GetModuleFileNameW of openvpnserv.exe ... and consider
it as "trusted" (instead of taking the installation path from the registry)?

If the Windows service is running, it means it was installed in a trusted way
(which is relatively hard to break).

2018-01-18 22:11 GMT+05:00 Selva Nair <selva.n...@gmail.com>:

>
> On Thu, Jan 18, 2018 at 3:49 AM, Илья Шипицин <chipits...@gmail.com>
> wrote:
>
>> Hello,
>>
>> The changes in https://github.com/OpenVPN/openvpn-gui/pull/197 actually make
>> openvpn-gui less dependent on the registry.
>>
>> We sometimes see a similar issue with the interactive service:
>>
>> openvpnserv error: Не удается найти указанный файл. (0x2) Error querying
>> registry value: HKLM\SOFTWARE\OpenVPN\exe_path
>>
>> (I've no idea why "exe_path" was deleted)
>>
>> @selvanair, what do you think if we try to guess exe_path by picking the
>> directory from where openvpnserv was started? (It is a good guess to
>> assume openvpn.exe is in the same directory.)
>>
>
> Patch 86 (https://patchwork.openvpn.net/patch/86/) does this. The only
> registry key that will be required would be HKLM\Software\OpenVPN whose
> default value should point to the installation directory.
>
> One of the security features of the service is that it starts only
> "authorized" openvpn.exe executables -- so we need to have at least the
> installed location set by the admin. Then we can safely guess the rest of
> the parameters if not explicitly set. Eliminating all registry dependence
> wouldn't be safe for the service.
>
> That wouldn't fix issues faced by users who delete registry keys or use
> non-standard installation methods. Generally those are power users who can
> fix things on their own. If not, just ask them to re-install openvpn.
>
> Selva
>
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
