-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Sent with ProtonMail Secure Email. ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Saturday, 3 April 2021 01:12, Selva Nair <selva.n...@gmail.com> wrote: > Hi, > > > If I distribute my VPN client as a Zip file then what ever name I give the > > VPN config file, I will obviously make the batch file the same. > > > > - provider.ovpn > > - provider_up.bat > > This is certainly not a difficult hurdle to side-step. > > > > > > > It's easy for an unsuspecting user to "import" a config file downloaded > > > from somewhere, but to get the batch file into the right location they > > > have to deliberately copy it there. One can say that we treat that > > > action as equivalent to "--script-security 2". > > See Zip above.. > > Unsuspecting users is exactly who I thought the OpenVPN wanted to protect. > > What I meant was the import menu in the GUI will not import a zip > file, only the .ovpn. When we add a smarter import option we'll have > to warn the user about > such scripts. > > Also, I'm all for patches to improve --script-security handling as > well as for controlling scripts run by the GUI. I had tried but found > it to be beyond my foo to come with a decent way to do this. > > Selva Yes, I do understand. It is a complicated "cat and mouse" game which is never going to be totally resolved. No matter the obstacles in place to hinder such attacks, a smart adversary will find a way to side-step. I guess this boils down to that old Unix mantra: Do one thing and do it well, don't do everything else. I was simply caught off-guard ;-) Still, better to communicate than be silent. After all, what would be the point of the internet, if we all fell silent. -- Thanks R -----BEGIN PGP SIGNATURE----- Version: ProtonMail wsBzBAEBCAAGBQJgZ7XFACEJEE+XnPZrkLidFiEECbw9RGejjXJ5xVVVT5ec 9muQuJ3+lgf/VrD55ETA+tHSzSTOJYgwdnkXC2iIn1HKtDQYHeZSn/ldj1gG AiucsP268KeLc69XR3Ba67B2rPiTAx4uvFXWwB4FnmyHC8MA8iRquzAbluIK oig+b/9XGRiwXa1/qzC45gN83ZdHK98ed7W8Sgo7qJNblqhRgd/Mjo5/fXkF 6ZEI8xwkNoYS7oyiqiq67ubkyhoOINrXjnaJLoDr2uOek/nxf5qQM06+aird ziiREv1eizhqejnUWHdK0v1Mal8aE15ykTqnoOsVebi4hSBv6alBA3v9Azmi ju7k2KpEn9tgt1Y7cpONU8rqarBv2+TH+IW+nUQ1856cmfwDEOGyiQ== =7/Pg -----END PGP SIGNATURE-----
publickey - tincantech@protonmail.com - 0x09BC3D44.asc
Description: application/pgp-keys
publickey - tincantech@protonmail.com - 0x09BC3D44.asc.sig
Description: PGP signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
