e0200783 <e0200783@xxxxxx> said:

> Hello
>
> It seems that the --down cmd parameter (openvpn ver 1.4.3 with user&group
> set to nobody) is not working if the owner&group of the cmd script is
> root. When the owner&group is changed to nobody, openvpn doesn't show
> the error 126 in /var/log/message, but the script is useless because of
> nobody's poor rights.

This is a known problem when using --down and --user nobody. They don't really work well together. If they did, it would sort of defeat the purpose of --user nobody in the first place, which is to create a process sufficiently stripped of privileges, such that even if an attacker were able to compromise it, they wouldn't be able to cause any damage.

The only way (I can think of) to make --down run with privileges in this context would be to fork off a root child before the privilege downgrade of the main openvpn thread. Then have the main thread tell the still-privileged thread to perform the --down function at the appropriate time. But this would need to be done in such a way that the root child is highly insulated from the main unprivileged thread -- otherwise the privilege separation model breaks down.

James

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
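The fork-before-downgrade design sketched in the reply above, as an added C illustration that is not OpenVPN's code and not code posted in this thread. The "insulation" James asks for is modelled as a deliberately tiny protocol: the privileged helper is forked before the main process drops privileges, the down command is fixed at fork time, and the only thing the unprivileged side can send over the pipe is a one-byte "run it now" or "quit" request, so a compromised main process cannot pick what the helper executes. All function names (`run_privsep_demo`, `helper_validate_request`, `drop_privileges`) and the request bytes are this example's own assumptions; the privilege drop is a no-op when the demo is not started as root, so it can be run unprivileged.

```c
/* Privilege-separated "--down" helper sketch (added example, not OpenVPN code). */
#define _GNU_SOURCE
#include <grp.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* The entire request protocol: two constructed one-byte codes, nothing else. */
enum { REQ_RUN_DOWN = 0x44, REQ_QUIT = 0x51 };

/* Helper side: accept exactly the known request bytes; anything else is hostile. */
int helper_validate_request(int byte)
{
    return byte == REQ_RUN_DOWN || byte == REQ_QUIT;
}

/* Run the command fixed at fork time and return its exit status (-1 on error). */
static int run_fixed_command(const char *cmd)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Privileged helper loop: one request byte in, one status byte out. Never returns. */
static void helper_loop(int req_fd, int resp_fd, const char *down_cmd)
{
    unsigned char req;
    while (read(req_fd, &req, 1) == 1) {
        if (!helper_validate_request(req) || req == REQ_QUIT)
            break;                      /* unknown byte: stop serving the peer */
        int rc = run_fixed_command(down_cmd);
        unsigned char resp = (rc < 0 || rc > 254) ? 255 : (unsigned char)rc;
        if (write(resp_fd, &resp, 1) != 1) break;
    }
    _exit(0);
}

/* Drop to uid/gid when running as root; a no-op otherwise so the demo runs unprivileged. */
static int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() != 0) return 0;
    if (setgroups(0, NULL) < 0 || setgid(gid) < 0 || setuid(uid) < 0) return -1;
    /* After dropping to a non-root uid, regaining root must fail. */
    if (uid != 0 && setuid(0) == 0) return -1;
    return 0;
}

/* Fork the helper, drop privileges, request the down command once, return its status. */
int run_privsep_demo(const char *down_cmd, uid_t uid, gid_t gid)
{
    int req[2], resp[2];
    signal(SIGPIPE, SIG_IGN);
    if (pipe(req) < 0 || pipe(resp) < 0) return -1;

    pid_t helper = fork();
    if (helper < 0) return -1;
    if (helper == 0) {
        close(req[1]); close(resp[0]);
        helper_loop(req[0], resp[1], down_cmd);   /* still root, never returns */
    }
    close(req[0]); close(resp[1]);

    unsigned char b, status = 255;
    if (drop_privileges(uid, gid) == 0) {
        b = REQ_RUN_DOWN;
        if (write(req[1], &b, 1) != 1 || read(resp[0], &status, 1) != 1) status = 255;
    }
    b = REQ_QUIT;
    (void)write(req[1], &b, 1);
    close(req[1]); close(resp[0]);
    waitpid(helper, NULL, 0);
    return status;
}

int main(void)
{
    /* Constructed stand-in for a real --down script. */
    int rc = run_privsep_demo("echo down-script ran; exit 3", getuid(), getgid());
    printf("helper reported exit status %d\n", rc);
    return rc == 3 ? 0 : 1;
}
```

The point of the design is what the unprivileged side cannot do: it never passes a command string, a path or an argument across the pipe, only a fixed request code, and the helper stops serving as soon as it sees anything else. A production version would also want the helper to exit when the main process goes away (here, EOF on the request pipe does that) and to log rejected requests.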