Hi, On Sat, Jun 29, 2019 at 10:35 AM Lev Stipakov <lstipa...@gmail.com> wrote: > > Hi, > >> So Lev's patch proposes to do service calls for wintun *and* tap6, and >> do so "always"? Or only if the registry key says so? > > > Yep, patch always opens wintun and tap6 via service no matter what > registry key says.
Yes, that's one of my concerns with the patch. Opening tap6 using the service may be a regression in some installations where limited users are not allowed to open the device. It also provides more access rights to the handle as its opened by SYSTEM: the driver sets it as all access for SYSTEM, RWX for everyone else when AllowNonAdmin is on. Not sure whether that matters in practice. Selva _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
