[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-devel] Features comments/request

  • Subject: Re: [Openvpn-devel] Features comments/request
  • From: "James Yonan" <jim@xxxxxxxx>
  • Date: Tue, 25 Jun 2002 10:02:18 -0600

Hi Alberto,

> I'd like to ask for a couple of features (little ones) added to OpenVPN.
> Comments welcomed.
> 1) OpenVPN should refuse to start a connection based on shared secret
> when the file containing that key is world readable (or writable).
> Paranoia won't even like group readable :-)
> Really, that's an important piece (the most?) in that kind of VPN, we
> don't want it to be public. Just imagine an (non-chrooted) anonymous
> ftp server, a bad configured web server/cgi-script, a malicious user,...

Good idea, however what if someone doesn't want to deal with the protections
on every file and instead just eliminates group/world access to the key
directory?  Therefore, erring on the individual file protections could
create a false sense of paranoia?

> 2) Each OpenVPN daemon should delete its pidfile when stoping, since it
> was that very same daemon that created it.
> It has no sense to have the init.d scripts deleting these files (and
> stoping nonexistent daemons) since the daemon could have been killed
> before the init.d script tried to stop it.

The complication here is that a lot of people will want to downgrade
privilege using --user and/or --group.  That means that when an OpenVPN
daemon is ready to exit, it might lack the privilege to delete its own
pidfile.  I've seen other daemons deal with this by chowning the pid file to
the user/group that the daemon plans to setuid/setgid to.

Having said that, I think both ideas are worth doing.


Openvpn-devel mailing list