Re: [Openvpn-devel] [PATCH] Make up/down script errors not FATAL

2018-07-03 Thread Selva Nair
Hi, On Tue, Jul 3, 2018 at 3:09 AM, Gert Doering wrote: > Hi, > > On Mon, Jul 02, 2018 at 11:13:01PM -0400, Jonathan K. Bullard wrote: > > My initial reaction is that I'd rather a problem in the up/down > > scripts generates a fatal error, so if there's a problem in the > > Tunnelblick scripts

Re: [Openvpn-devel] [PATCH] Make up/down script errors not FATAL

2018-07-03 Thread Antonio Quartulli
Hi, On 03/07/18 16:23, David Sommerseth wrote: > TL;DR: Reduce the possibility to run scripts to an absolute minimum (if at > all). If having this possibility run them with as few privileges as possible, > and scripts to run is preferred to be configured outside of the OpenVPN > configuration

Re: [Openvpn-devel] [PATCH] Make up/down script errors not FATAL

2018-07-03 Thread David Sommerseth
On 03/07/18 09:49, Selva Nair wrote: > Hi Jon, > > On Mon, Jul 2, 2018 at 11:13 PM, Jonathan K. Bullard > wrote: >> Hi. >> >> On Mon, Jul 2, 2018 at 9:24 PM, > wrote: >>> >>> From: Selva Nair mailto:selva.n...@gmail.com>> >>> >>> Instead

Re: [Openvpn-devel] [PATCH] Make up/down script errors not FATAL

2018-07-03 Thread Gert Doering
Hi, On Mon, Jul 02, 2018 at 11:13:01PM -0400, Jonathan K. Bullard wrote: > My initial reaction is that I'd rather a problem in the up/down > scripts generates a fatal error, so if there's a problem in the > Tunnelblick scripts somebody will report it. In my experience, almost > nobody pays

Re: [Openvpn-devel] [PATCH] Make up/down script errors not FATAL

2018-07-03 Thread Selva Nair
Hi Jon, On Mon, Jul 2, 2018 at 11:13 PM, Jonathan K. Bullard wrote: > Hi. > > On Mon, Jul 2, 2018 at 9:24 PM, wrote: >> >> From: Selva Nair >> >> Instead log only a warning. >> >> This helps user interfaces enforce a safer script-security setting >> without causing a FATAL error. > > > Can you

Re: [Openvpn-devel] [PATCH] Make up/down script errors not FATAL

2018-07-02 Thread Jonathan K. Bullard
Hi. On Mon, Jul 2, 2018 at 9:24 PM, wrote: > > From: Selva Nair > > Instead log only a warning. > > This helps user interfaces enforce a safer script-security setting > without causing a FATAL error. Can you expand on that? What "safer script secuity settings' do you have in mind? Tunnelblick

[Openvpn-devel] [PATCH] Make up/down script errors not FATAL

2018-07-02 Thread selva . nair
From: Selva Nair Instead log only a warning. This helps user interfaces enforce a safer script-security setting without causing a FATAL error. Signed-off-by: Selva Nair --- Note: All other scripts are called with flag = 0 and will only trigger a warning message if openvpn_execve fails.