On Sat, Jun 29, 2019 at 10:35 AM Lev Stipakov <lstipa...@gmail.com> wrote:
> Hi,
>> So Lev's patch proposes to do service calls for wintun *and* tap6, and
>> do so "always"?  Or only if the registry key says so?
> Yep, patch always opens wintun and tap6 via service no matter what
> registry key says.

Yes, that's one of my concerns with the patch. Opening tap6 using the
service may be a regression in some installations where limited users
are not allowed to open the device. It also provides more access rights
to the handle as its opened by SYSTEM: the driver sets it as all
access for SYSTEM, RWX for everyone else when AllowNonAdmin
is on. Not sure whether that matters in practice.


Openvpn-devel mailing list

Reply via email to