On Wed, Jul 18, 2012 at 10:10 AM, David Sommerseth <
openvpn.l...@topphemmelig.net> wrote:
> * The computer is configured to allow OpenVPN to run without root
> password
>
Yes. The vulnerability requires configuring the computer to allow *the
user*to start OpenVPN
*as root* without entering
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 18/07/12 14:44, Jonathan K. Bullard wrote:
> On Tue, Jun 26, 2012 at 1:05 PM, Alon Bar-Lev
> > wrote:
>
> Currently openvpn requires/endorses specifying full path in plugin
> parameter. As
On Wed, Jul 18, 2012 at 9:37 AM, Alon Bar-Lev wrote:
> Nobody disables the absolute path use.
> This patch permits relative use.
>
I'm sorry, I misunderstood. So a relative path will now be interpreted as
relative to the plugins directory specified a build time, rather
Nobody disables the absolute path use.
This patch permits relative use.
On Wed, Jul 18, 2012 at 3:44 PM, Jonathan K. Bullard
wrote:
> On Tue, Jun 26, 2012 at 1:05 PM, Alon Bar-Lev wrote:
>>
>> Currently openvpn requires/endorses specifying full path
On Wed, Jul 18, 2012 at 4:34 PM, Alon Bar-Lev wrote:
> Hi!
>
> On Wed, Jul 18, 2012 at 2:44 PM, Heiko Hund wrote:
>> Hi Alon
>>
>> On Tuesday 26 June 2012 20:05:02 Alon Bar-Lev wrote:
>>> Currently openvpn requires/endorses specifying full path in
Hi!
On Wed, Jul 18, 2012 at 2:44 PM, Heiko Hund wrote:
> Hi Alon
>
> On Tuesday 26 June 2012 20:05:02 Alon Bar-Lev wrote:
>> Currently openvpn requires/endorses specifying full path in plugin
>> parameter.
>
> Specifying a custom full path is probably something we need to
On Tue, Jun 26, 2012 at 1:05 PM, Alon Bar-Lev wrote:
> Currently openvpn requires/endorses specifying full path in plugin
> parameter. As build system already aware of plugin location, it is
> possible to load plugin relative to this directory, so full path is not
>
On Wednesday 18 July 2012 13:44:41 Heiko Hund wrote:
> code injection when openvpn is not running as another user or has access to
Scratch the "not" please, typo.
Heiko
--
Heiko Hund | Sr. Software Engineer | Tel +49-721-25516-237 | Fax -200
SOPHOS NSG | Amalienbadstr. 41 Bau 52 | 76227
Hi Alon
On Tuesday 26 June 2012 20:05:02 Alon Bar-Lev wrote:
> Currently openvpn requires/endorses specifying full path in plugin
> parameter.
Specifying a custom full path is probably something we need to ban in the
(near) future, as it imposes an attack vector for privilege escalation by
On Tue, Jun 26, 2012 at 8:05 PM, Alon Bar-Lev wrote:
> Currently openvpn requires/endorses specifying full path in plugin
> parameter. As build system already aware of plugin location, it is
> possible to load plugin relative to this directory, so full path is not
>
Currently openvpn requires/endorses specifying full path in plugin
parameter. As build system already aware of plugin location, it is
possible to load plugin relative to this directory, so full path is not
required nor more secured.
Windows is a little more complex as user may change installation
11 matches
Mail list logo