Changes between Version 13 and Version 14 of PrivilegeSeparation


Timestamp: 03/13/12 12:10:41 (12 years ago)
Author: Samuli Seppänen
Comment: --
  • PrivilegeSeparation

    v13 v14  
    9898 * The interactive service must not allow access from non-OpenVPN processes running as the same user as OpenVPN/OpenVPN GUI
    9999  * From James Yonan: ''"...the pipe/socket to the privileged process [=interactive service] needs to be access-controlled so that only openvpn can use it.  You don't want to introduce a privilege escalation vulnerability where operations that would normally be privileged (like changing the default route) can now be done by any process in user space just by leveraging on the openvpn pipe/socket."''
    100   * From James Yonan: ''"...other non-privileged software might be able to access the APIs for these wrappers [=interactive service], for example by pushing routes into the API. Malware that would normally be confined to user space can now perform privileged operations such as modifying the default route. The end user can now connect to any VPN  server of their choice (a major violation of enterprise model).  What you've essentially done with this model is introduce a privilege escalation vulnerability because operations that would normally require privilege, such as adding routes, can now be done by a non-privileged user.
     100  * From James Yonan: ''"...other non-privileged software might be able to access the APIs for these wrappers [=interactive service], for example by pushing routes into the API. Malware that would normally be confined to user space can now perform privileged operations such as modifying the default route. The end user can now connect to any VPN  server of their choice (a major violation of enterprise model).  What you've essentially done with this model is introduce a privilege escalation vulnerability because operations that would normally require privilege, such as adding routes, can now be done by a non-privileged user."''
    101101
    102102== COM+ ==
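Review bot: the closing `"''` appended at the end of v14 line 100 is the right fix; in v13 that quotation opened with `''"` after "From James Yonan:" and the italic/quote markup on the line was never terminated, whereas the second quotation on line 99 does close with `"''`. The wording of the quotation itself is unchanged between v13 and v14. One documentation gap in the surrounding text rather than in this hunk: line 98 and both quotations state only that the pipe/socket to the interactive service must be access-controlled so that only openvpn can use it, without saying how that restriction is enforced; a sentence naming the mechanism next to the requirement would make the section actionable.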