Re: [Openvpn-devel] [PATCH] plugin: load plugin relative to plugindir

2012-07-18 Thread Jonathan K. Bullard
On Wed, Jul 18, 2012 at 10:10 AM, David Sommerseth <openvpn.l...@topphemmelig.net> wrote: > * The computer is configured to allow OpenVPN to run without root > password > Yes. The vulnerability requires configuring the computer to allow *the user* to start OpenVPN *as root* without entering

Re: [Openvpn-devel] [PATCH] plugin: load plugin relative to plugindir

2012-07-18 Thread David Sommerseth
On 18/07/12 14:44, Jonathan K. Bullard wrote: > On Tue, Jun 26, 2012 at 1:05 PM, Alon Bar-Lev > > wrote: > > Currently openvpn requires/endorses specifying full path in plugin > parameter. As

Re: [Openvpn-devel] [PATCH] plugin: load plugin relative to plugindir

2012-07-18 Thread Jonathan K. Bullard
On Wed, Jul 18, 2012 at 9:37 AM, Alon Bar-Lev wrote: > Nobody disables the absolute path use. > This patch permits relative use. > I'm sorry, I misunderstood. So a relative path will now be interpreted as relative to the plugins directory specified at build time, rather

Re: [Openvpn-devel] [PATCH] plugin: load plugin relative to plugindir

2012-07-18 Thread Alon Bar-Lev
Nobody disables the absolute path use. This patch permits relative use. On Wed, Jul 18, 2012 at 3:44 PM, Jonathan K. Bullard wrote: > On Tue, Jun 26, 2012 at 1:05 PM, Alon Bar-Lev wrote: >> >> Currently openvpn requires/endorses specifying full path

Re: [Openvpn-devel] [PATCH] plugin: load plugin relative to plugindir

2012-07-18 Thread Alon Bar-Lev
On Wed, Jul 18, 2012 at 4:34 PM, Alon Bar-Lev wrote: > Hi! > > On Wed, Jul 18, 2012 at 2:44 PM, Heiko Hund wrote: >> Hi Alon >> >> On Tuesday 26 June 2012 20:05:02 Alon Bar-Lev wrote: >>> Currently openvpn requires/endorses specifying full path in

Re: [Openvpn-devel] [PATCH] plugin: load plugin relative to plugindir

2012-07-18 Thread Alon Bar-Lev
Hi! On Wed, Jul 18, 2012 at 2:44 PM, Heiko Hund wrote: > Hi Alon > > On Tuesday 26 June 2012 20:05:02 Alon Bar-Lev wrote: >> Currently openvpn requires/endorses specifying full path in plugin >> parameter. > > Specifying a custom full path is probably something we need to

Re: [Openvpn-devel] [PATCH] plugin: load plugin relative to plugindir

2012-07-18 Thread Jonathan K. Bullard
On Tue, Jun 26, 2012 at 1:05 PM, Alon Bar-Lev wrote: > Currently openvpn requires/endorses specifying full path in plugin > parameter. As build system already aware of plugin location, it is > possible to load plugin relative to this directory, so full path is not >

Re: [Openvpn-devel] [PATCH] plugin: load plugin relative to plugindir

2012-07-18 Thread Heiko Hund
On Wednesday 18 July 2012 13:44:41 Heiko Hund wrote: > code injection when openvpn is not running as another user or has access to Scratch the "not" please, typo. Heiko -- Heiko Hund | Sr. Software Engineer | Tel +49-721-25516-237 | Fax -200 SOPHOS NSG | Amalienbadstr. 41 Bau 52 | 76227

Re: [Openvpn-devel] [PATCH] plugin: load plugin relative to plugindir

2012-07-18 Thread Heiko Hund
Hi Alon On Tuesday 26 June 2012 20:05:02 Alon Bar-Lev wrote: > Currently openvpn requires/endorses specifying full path in plugin > parameter. Specifying a custom full path is probably something we need to ban in the (near) future, as it imposes an attack vector for privilege escalation by

Re: [Openvpn-devel] [PATCH] plugin: load plugin relative to plugindir

2012-06-26 Thread Alon Bar-Lev
On Tue, Jun 26, 2012 at 8:05 PM, Alon Bar-Lev wrote: > Currently openvpn requires/endorses specifying full path in plugin > parameter. As build system already aware of plugin location, it is > possible to load plugin relative to this directory, so full path is not >

[Openvpn-devel] [PATCH] plugin: load plugin relative to plugindir

2012-06-26 Thread Alon Bar-Lev
Currently openvpn requires/endorses specifying full path in plugin parameter. As build system already aware of plugin location, it is possible to load plugin relative to this directory, so full path is not required nor more secured. Windows is a little more complex as user may change installation