|
|
n Wed, 2006-11-08 at 20:12 +0300, Tony wrote: > On Tue, 07 Nov 2006 17:29:59 +0300, John A. Sullivan III > <jsullivan@xxxxxxxxxxxxxxxxxxx> wrote: > > > We utilize CPAU > By the way, is not it a way to elevate one's privileges?! > > If one uses CPAU to envelope the OpenVPN GUI - it will be possible to run > the text editor on behalf of local admin! > Just select the "Edit Config", and open any other file from within the > "Notepad.exe"... > > I did not try it yet. > > Please comment. > > Tony. <snip> It is certainly a way to elevate privileges. We chose it over other alternatives because we could encrypt the admin password and use it for that application only. However it may be true that someone could use the text edit maliciously or at least dangerously. I have not tried that. Thanks for pointing it out - John -- John A. Sullivan III Open Source Development Corporation +1 207-985-7880 jsullivan@xxxxxxxxxxxxxxxxxxx Financially sustainable open source development http://www.opensourcedevel.com ______________________ OpenVPN mailing lists https://lists.sourceforge.net/lists/listinfo/openvpn-users Warning: require_once(../../../archive_common.php) [function.require-once]: failed to open stream: No such file or directory in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2006-11/msg00085.html on line 208 Fatal error: require_once() [function.require]: Failed opening required '../../../archive_common.php' (include_path='/usr/local/lib/php') in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2006-11/msg00085.html on line 208 |