--On Monday, 13 September 2004 11:39 -0600 James Yonan <jim@xxxxxxxxx>
wrote:
I like the user "nobody" and chroot "dir" option with openvpn. I want to
[...]
a security issue.
I think that we would need to use some sort of privilege separation model
if we want to use --user nobody but also have the down script execute
with privilege.
I think this would be a good idea.
Right, but shutdown scripts can't really do anything with the tun/tap
interface because it has already been closed by the time they are run.
I remove several packet filter rules with the down script. I use -i <dev>
and -o <dev> with iptables to reference the used tun interface. Now imagine
that one down script removes rules with <tun3> and another one uses <tun3>
to add rules.
What sort of thing are you imagining that the down script might do with
the tun/tap interface which might potentially race with another OpenVPN
process which is starting up?
I think it could be possible that one openvpn just closes the tun device
and releases this resource. Now the down script is running with <tunX> as
the used tun device. Meanwhile another openvpn reuses the <tunX> device and
runs the up script with <tunX>. Depending on the iptables command this
could cause problems.
--
Claas Hilbrecht
http://www.jucs-kramkiste.de
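
The interleaving described in this message, as a constructed Python model added here (not OpenVPN code and not from either poster). It assumes the lowest free tunN name is handed out again, that the down script removes every rule naming its device, and a hypothetical per-instance owner tag on each rule for comparison.

```python
"""Constructed model of the tun-name reuse race; not OpenVPN code."""

class Host:
    """Tracks open tun devices and a packet-filter rule list."""
    def __init__(self):
        self.open_devs = set()
        self.rules = []            # (owner_tag, dev, rule_text)

    def open_tun(self):
        # Assumption: a dynamic "tun" request gets the lowest free index.
        n = 0
        while f"tun{n}" in self.open_devs:
            n += 1
        self.open_devs.add(f"tun{n}")
        return f"tun{n}"

    def close_tun(self, dev):
        self.open_devs.discard(dev)


def up(host, owner, dev):
    """Up script: add the -i/-o rules for this instance's device."""
    host.rules.append((owner, dev, f"FORWARD -i {dev} -j ACCEPT"))
    host.rules.append((owner, dev, f"FORWARD -o {dev} -j ACCEPT"))


def down_by_dev(host, owner, dev):
    """Assumed cleanup: remove every rule that names the device."""
    host.rules = [r for r in host.rules if r[1] != dev]


def down_by_owner(host, owner, dev):
    """Hypothetical variant: remove only rules tagged with this instance."""
    host.rules = [r for r in host.rules if r[0] != owner]


def race(down):
    """A closes its tun, B reuses the name, then A's down script runs."""
    host = Host()
    dev_a = host.open_tun()
    up(host, "A", dev_a)
    host.close_tun(dev_a)          # device is closed before the down script
    dev_b = host.open_tun()        # B is handed the same name
    up(host, "B", dev_b)
    down(host, "A", dev_a)         # A's late down script
    return dev_a == dev_b, [r for r in host.rules if r[0] == "B"]


if __name__ == "__main__":
    for fn in (down_by_dev, down_by_owner):
        reused, b_rules = race(fn)
        print(fn.__name__, "name reused:", reused, "B rules left:", len(b_rules))
```

With name-only matching the second instance ends up with no rules; with the owner tag its two rules survive the late down script.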