Changes between Version 11 and Version 12 of PrivilegeSeparation


Timestamp: 03/12/12 19:33:48 (12 years ago)
Author: alonbl
Comment: Adds alonbl comments

  • PrivilegeSeparation

    v11 v12  
    7676 1. API = what? This is exactly where COM comes handy... It creates the "service" for you while providing means of accessing it. Of course we can re-invent the wheel... Implementing the service by hand, and API via named pipe or socket... but why?
    7777 1. I don't like the openvpn running under privileged account, if we want to take this seriously then we should separate the daemon out to unprivileged account, so that if it can be manipulated remotely the scope of damage will be known.
     78 1. What exactly privileged account is that? System? Network service? Administrator? I ask because we may need to modify the tap-windows configuration to use a specific ACL.
    7879 1. The "notification" is exactly the current management interface, maybe I miss something...
    7980 1. I still think the keys/certificates/peer validation should be delegated to the UI via the management interface, no matter what the privilege separation solution is.
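
Review bot: The question added as v12 line 78 leaves "privileged account" undefined, and none of the surrounding items say which account the service is expected to run as. Since the item notes that the tap-windows configuration may need a specific ACL, the page should state the intended account (System, Network service or Administrator, as listed in the question) alongside item 77, so the ACL requirement can be written down against a concrete principal rather than left open in a comment list.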