Hi
On Wed, Jul 17, 2019 at 8:20 AM Lev Stipakov wrote:
> Hi,
>
> Sorry for delay - I was on vacation.
>
> (i) The new message is named message_open_tun, but it allows opening
>> any file using the service. This is not secure.
>
>
> I am thinking of possible vector of attack here.
>
> In our
From: Lev Stipakov
This patch enables interactive service to open tun device.
This is mostly needed by Wintun, which could be opened
only by privileged process.
When interactive service is used, instead of calling
CreateFile() directly by openvpn process we pass tun device path
into service
Hi,
Sorry for delay - I was on vacation.
(i) The new message is named message_open_tun, but it allows opening
> any file using the service. This is not secure.
I am thinking of possible vector of attack here.
In our case it is service which launches openvpn process using
path set in registry,