Re: openvpn needs more settings
- From: Steve Wray <steve wray cwa co nz>
- To: David Zeuthen <davidz redhat com>
- Cc: networkmanager-list gnome org
- Subject: Re: openvpn needs more settings
- Date: Tue, 03 Oct 2006 13:36:19 +1300
David Zeuthen wrote:
> On Mon, 2006-10-02 at 15:02 +1300, Steve Wray wrote:
>> How about giving the option to pull in a regular, normal openvpn config
>> file and stuff that into the NetworkManager settings? That would be just
>> brilliant...
>>
>> Or even just to get NetworkManager to point at an openvpn config file
>> (under 'advanced' with a 'browse for a file to use instead of the gconfd
>> stuff')?
>>
>> I mean gconfd is all very well but actually using config files that the
>> underlying software itself actually uses shouldn't be *too* hard eh?
>
> Hardly brilliant. It's waaay too dangerous to do that. At least if
> openvpn is anything like vpnc where you can specify things like
> "--script <command>". Allowing this basically gives the unprivileged
> user at the desktop console root powers. As such it would be considered
> an exploit. Hence why we're validating options we read from gconf.
openvpn runs in user space; when root runs it, it drops privileges
(usually to 'nobody').
I believe that there is no need for privilege escalation. It should be
able to run with the privileges of the user who invokes it. That said,
I haven't tested this.
Actually, I'd assumed that this is how NetworkManager actually operates
with openvpn... I didn't notice it asking for the root password...
> So the only sane way to fix this is do what Dan says; extend the
> function nm_openvpn_config_options_validate() etc. etc. to only include
> options that do not give the full power of root to the unprivileged
> desktop user.
>
> David
>
>
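
An allowlist check of the kind described in the quoted reply, as an added example that is not part of the original thread and is not NetworkManager's nm_openvpn_config_options_validate(). The struct, function names, key list and sample options are constructed for illustration; rejecting values that start with '-' is a conservative assumption.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed allowlist: OpenVPN options that only describe the tunnel.
 * Script and plugin hooks (up, down, route-up, plugin, ...) are left out
 * on purpose, so they are rejected by default. */
static const char *const allowed_keys[] = {
    "remote", "port", "proto", "dev", "ca", "cert", "key", "cipher", "comp-lzo",
};

struct vpn_option { const char *key; const char *value; };

static int key_is_allowed(const char *key)
{
    for (size_t i = 0; i < sizeof allowed_keys / sizeof allowed_keys[0]; i++)
        if (strcmp(key, allowed_keys[i]) == 0)
            return 1;
    return 0;
}

/* Each value becomes its own argv element, so it must not look like another
 * option or carry line breaks. NULL means a flag-style option. */
static int value_is_safe(const char *v)
{
    return v == NULL || (v[0] != '-' && strpbrk(v, "\r\n") == NULL);
}

/* Returns the index of the first rejected option, or -1 if all pass. */
int validate_user_options(const struct vpn_option *opts, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (!opts[i].key || !key_is_allowed(opts[i].key) || !value_is_safe(opts[i].value))
            return (int)i;
    return -1;
}

/* Constructed sample settings, as an unprivileged user might store them. */
static const struct vpn_option sample_ok[] = {
    {"remote", "vpn.example.org"}, {"port", "1194"}, {"comp-lzo", NULL} };
static const struct vpn_option sample_hook[] = {
    {"remote", "vpn.example.org"}, {"up", "/path/to/script"} };
static const struct vpn_option sample_smuggle[] = { {"remote", "--up"} };

int main(void)
{
    printf("ok=%d hook=%d smuggle=%d\n", validate_user_options(sample_ok, 3),
           validate_user_options(sample_hook, 2), validate_user_options(sample_smuggle, 1));
    return 0;
}
```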