Re: openvpn needs more settings

From: David Zeuthen <davidz redhat com>
To: Steve Wray <steve wray cwa co nz>
Cc: networkmanager-list gnome org
Subject: Re: openvpn needs more settings
Date: Mon, 02 Oct 2006 20:00:18 -0400

On Mon, 2006-10-02 at 15:02 +1300, Steve Wray wrote:
> How about giving the option to pull in a regular, normal openvpn config
> file and stuff that into the NetworkManager settings? That would be just
> brilliant...
> 
> Or even just to get NetworkManager to point at an openvpn config file
> (under 'advanced' with a 'browse for a file to use instead of the gconfd
> stuff')?
> 
> I mean gconfd is all very well but actually using config files that the
> underlying software itself actually uses shouldn't be *too* hard eh?

Hardly brilliant. It's waaay to dangerous to do that. At least if
openvpn is anything like vpnc where you can specify things like
"--script <command>". Allowing this basically gives the unprivileged
user at the desktop console root powers. As such it would be considered
an exploit. Hence why we're validating options we read from gconf.

So the only sane way to fix this is do what Dan says; extend the
function nm_openvpn_config_options_validate() etc. etc. to only include
options that does not give the full power of root to the unprivileged
desktop user.

     David

Follow-Ups:
- Re: openvpn needs more settings
  - From: Steve Wray

References:
- openvpn needs more settings
  - From: Steve Wray
- Re: openvpn needs more settings
  - From: Dan Williams
- Re: openvpn needs more settings
  - From: Steve Wray

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]