Changes between Version 2 and Version 3 of PrivilegeSeparation
- Timestamp: 03/12/12 10:10:16 (12 years ago)
PrivilegeSeparation
v2 v3 24 24 * ''TUN/TAP device:'' a virtual Ethernet interface 25 25 * ''OpenVPN:'' a tunneling daemon 26 * ''OpenVPN service:'' a system service wrapper for OpenVPN 26 27 * ''OpenVPN configuration files'' 27 28 * ''Network utilities:'' ifconfig, route, etc. … … 52 53 This solution was suggested by James Yonan. According to him it's fairly common in enterprise VPN clients: 53 54 54 ||'''Component'''||'''Runs as'''|| 55 ||OpenVPN GUI||Interactive user|| 56 ||OpenVPN service||Privileged user|| 57 ||OpenVPN||Privileged user|| 55 ||'''Component'''||'''Runs as'''||'''Tasks'''|| 56 ||OpenVPN GUI||Interactive user||Initiate connections and disconnections|| 57 ||OpenVPN service||Privileged user||Accept requests from the GUI and control OpenVPN|| 58 ||OpenVPN||Privileged user||Setting up TUN/TAP interfaces, routes, making connections, etc.|| 58 59 59 60 Using this approach, ''OpenVPN service'' provides a simple API that the ''OpenVPN GUI'' uses to connect and disconnect. So, when the interactive user wants to connect, the following happens:
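Review bot: in the second hunk, the new Tasks cell for OpenVPN service ("Accept requests from the GUI and control OpenVPN") does not say which requests the privileged service accepts from the GUI, which runs as the interactive user, or how those requests are checked. Both the service and OpenVPN run as a privileged user, so this request interface is the privilege boundary of the design. Suggest naming the allowed requests in the cell or directly under the table; the paragraph that follows mentions only connect and disconnect. Style point in the same hunk: the OpenVPN row reads "Setting up TUN/TAP interfaces, routes, making connections, etc." while the other two rows use the imperative ("Initiate", "Accept"); suggest "Set up TUN/TAP interfaces and routes, make connections, etc." for consistency.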