On Sun, 12 Sep 2004, Claas Hilbrecht wrote:

> I like the user "nobody" and chroot "dir" option with openvpn. I want to
> use this together with the up and down script support. I tried to configure
> a packetfilter with the up and down scripts. Since the up script runs with
> root permission all script commands run fine. But the down script is run
> within the chroot and with nobody user permissions. This causes the down
> script to fail. I thought about running openvpn in a sh script that
> supervises the openvpn process and runs the down script from within that sh
> script. But I wonder if this is a security issue.

I think that we would need to use some sort of privilege separation model if
we want to use --user nobody but also have the down script execute with
privilege.

> BTW: I think running the openvpn down script after removing the tun
> interface is not a good idea. Because this could be a race condition
> between a shutdown script and an up script. I can imagine a situation where
> one openvpn just shuts down the tun device and runs the down script while
> another openvpn process just creates the tun device. If both scripts use
> the tunX device name with e.g. iptables this could cause serious problems.

Right, but shutdown scripts can't really do anything with the tun/tap
interface because it has already been closed by the time they are run.

What sort of thing are you imagining that the down script might do with the
tun/tap interface which might potentially race with another OpenVPN process
which is starting up?
James

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
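The supervisor approach Claas describes, as an added example that is not code from the thread or from the OpenVPN project: the wrapper stays root and runs the teardown itself once OpenVPN (started with --user nobody and --chroot) has exited, so the privileged work never has to run inside the unprivileged, chrooted process. The config path, device name, chroot directory and iptables rule are placeholders.

```shell
#!/bin/sh
# Added example: keep --down work in a root supervisor instead of in the
# chrooted "nobody" OpenVPN process. Placeholders: server.conf, tun0,
# /var/empty, the FORWARD rule (assumed to have been added by the --up script).
set -u

# Teardown that would normally live in a --down script. It runs in the
# supervisor's (root) context after OpenVPN has exited, i.e. after the tun
# device is already gone, so it only removes rules keyed by interface name.
vpn_down() {
    dev="$1"; rc="$2"
    logger -t vpn-supervisor "openvpn exited rc=$rc, removing rules for $dev"
    iptables -D FORWARD -i "$dev" -j ACCEPT 2>/dev/null || true
}

# supervise HOOK DEV CMD...: run CMD in the background, forward SIGTERM/SIGINT
# to it, and call HOOK DEV RC exactly once after CMD exits, whatever the exit
# status. Returns CMD's exit status.
supervise() {
    hook="$1"; dev="$2"; shift 2
    "$@" &
    child=$!
    trap 'kill -TERM "$child" 2>/dev/null' TERM INT
    wait "$child"; rc=$?
    # If wait was interrupted by a trapped signal, wait again for the real status.
    while kill -0 "$child" 2>/dev/null; do
        wait "$child"; rc=$?
    done
    trap - TERM INT
    "$hook" "$dev" "$rc"
    return "$rc"
}

# Start as root: OpenVPN drops privileges itself, the supervisor does not.
if [ "${1:-}" = "--run" ]; then
    supervise vpn_down tun0 openvpn --config /etc/openvpn/server.conf \
        --user nobody --group nogroup --chroot /var/empty --dev tun0
fi
```

Because the hook runs only after the OpenVPN process is gone, it also cannot touch the tun/tap device itself, which is the same limitation James notes for ordinary down scripts.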