Changes between Version 12 and Version 13 of PrivilegeSeparation
- Timestamp: 03/12/12 22:24:47
PrivilegeSeparation
v12 v13 106 106 ||'''Component'''||'''COM+ object'''||'''Runs as'''||'''Tasks/capabilities'''|| 107 107 ||OpenVPN GUI||-||Interactive user||Initiate connections and disconnections. Run OpenVPN connect/disconnect scripts|| 108 || OpenVPN service||OpenVPNUI.Network||Privileged user||Create and remove routes||109 ||OpenVPN ||OpenVPN.Tunnel||An unprivileged user account||Access OpenVPNUI.Network object||108 ||Network configuration||OpenVPNUI.Network||Privileged user (network operator group)||Create and remove routes|| 109 ||OpenVPN service||OpenVPNUI.Tunnel||An unprivileged user account||Access OpenVPNUI.Network object|| 110 110 111 111 The identity and access to the COM+ objects would be controlled by the COM+ infrastructure. This means COM+ would do all the work and no communication or security check within code are required. Each component of OpenVPN could be started in a different security context, e.g. ''OpenVPN service'' would run within a context that allows ''Network configuration. … … 113 113 Details for successful implementation: 114 114 115 * Something similar to Linux "ip" utility is needed for Windows (would run as the OpenVPNUI.Network COM+ object) [alonbl: wrong, see bellow]. 115 * Running OpenVPN daemon using completely unprivileged account. 116 * Allowing OpenVPN to perform network operations by delegating these into OpenVPNUI.Network, this is optional if we would like to run OpenVPN daemon using completely unprivileged account. 117 * The OpenVPNUI.Network may validate operations and allow [for example] only route into tap and/or tap configuration. 116 118 * UI to run beforeconnect/connect/disconnect scripts. 117 119 … … 123 125 1. Network configuration program has also [good] side effects... we could provide several "network configuration" executables, per platform, per security model, per utilities (ifconfig, iproute2), and split the platform dependent code from the openvpn executable, making it much simple as it uses a single interface. 
So we have advantage for this in all platforms. 124 126 1. I provided the skeleton for this, so technology wise it is doable. 127 1. I still think the keys/certificates/peer validation should be delegated to the UI via the management interface, no matter what the privilege separation solution is. 125 128 126 129 = External links =
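Review bot: the unchanged paragraph at line 111 now contradicts the renamed table rows at lines 108 and 109. After this change ''OpenVPN service'' is the OpenVPNUI.Tunnel component running as an unprivileged account, yet the paragraph still says ''OpenVPN service'' would run within a context that allows ''Network configuration''. Reword it to say that the OpenVPN service runs unprivileged and reaches route changes only through the OpenVPNUI.Network object, and close the unmatched italic markup on ''Network configuration.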
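Review bot: item 116 in the "Details for successful implementation" list has its condition inverted. If the daemon runs as a completely unprivileged account (item 115), delegating route and tap operations to OpenVPNUI.Network is mandatory rather than optional, since the daemon can no longer perform them itself; suggest "this is required if we run the OpenVPN daemon under a completely unprivileged account". Item 117 should also be promoted from "may validate" to a requirement: the paragraph at line 111 relies on COM+ to do all access control, but COM+ only decides who may call the object, not what arguments the caller passes, so the privileged OpenVPNUI.Network object is the only place where a check that routes and configuration apply to the tap adapter alone can be enforced.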
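Review bot: item 127 in the numbered list moves keys, certificates and peer validation to the UI, which per the table row at line 107 runs as the interactive user, but does not say who enforces the result. If the unprivileged daemon accepts the UI's verdict over the management interface, the interactive user's process becomes the trust anchor for the tunnel; state whether the daemon still performs certificate chain verification itself and only delegates key storage and prompting, or document why the interactive user is trusted to approve peers.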