|
|
This seems like a simple, neat solution to this problem. I've created a custom build to disable edit config and view log to mitigate the privilege escalation issue. John - would you mind sending me your nsis install script? John A. Sullivan III wrote: > n Wed, 2006-11-08 at 20:12 +0300, Tony wrote: >> On Tue, 07 Nov 2006 17:29:59 +0300, John A. Sullivan III >> <jsullivan@xxxxxxxxxxxxxxxxxxx> wrote: >> >>> We utilize CPAU >> By the way, is not it a way to elevate one's privileges?! >> >> If one uses CPAU to envelope the OpenVPN GUI - it will be possible to run >> the text editor on behalf of local admin! >> Just select the "Edit Config", and open any other file from within the >> "Notepad.exe"... >> >> I did not try it yet. >> >> Please comment. >> >> Tony. > <snip> > It is certainly a way to elevate privileges. We chose it over other > alternatives because we could encrypt the admin password and use it for > that application only. However it may be true that someone could use > the text edit maliciously or at least dangerously. I have not tried > that. Thanks for pointing it out - John -- Richard Quintin, DBA DBMS Virginia Tech ~ Keep the faith...but not from others. ______________________ OpenVPN mailing lists https://lists.sourceforge.net/lists/listinfo/openvpn-users |