72 | | This approach was suggested by Alon Bar-Lev. |
| 72 | This approach [http://thread.gmane.org/gmane.network.openvpn.devel/5755/focus=5869 was suggested] by Alon Bar-Lev. See the [http://thread.gmane.org/gmane.network.openvpn.devel/5755/focus=5869 original email] for more detailed information. In a nutshell, privilege separation would be achieved using [http://en.wikipedia.org/wiki/COM%2B#COM.2B COM+] objects: |
| 73 | |
| 74 | * OpenVPNUI.Network |
| 75 | * OpenVPNUI.Tunnel |
| 76 | |
| 77 | The identity and access to these objects is controlled using the COM+ infrastructure. This means COM+ does all the work and no communication or security check within code are required. |
| 78 | |
| 79 | ||'''Component'''||'''Runs as'''||'''Tasks/capabilities'''|| |
| 80 | ||OpenVPN||It's own unprivileged user account||Access OpenVPNUI.Network object|| |
| 81 | ||OpenVPN GUI||Interactive user||Initiate connections and disconnections. Run OpenVPN connect/disconnect scripts|| |
| 82 | |
| 83 | OpenVPNUI.Network COM+ object runs as a user belonging to the ''Network Configuration Operators'' group. The OpenVPNUI.Tunnel COM+ object has access to the OpenVPNUI.Network object, so that it can delegate privileged network operations to it. |
| 84 | |
| 85 | In this configuration, only the administrator can modify OpenVPN configuration files. |
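Review bot: New lines 79-83 do not say which account the OpenVPNUI.Tunnel object runs as or which callers may activate it, and the table and the prose disagree about who reaches the privileged object: the OpenVPN row says "Access OpenVPNUI.Network object", while line 83 says it is OpenVPNUI.Tunnel that has access to OpenVPNUI.Network and delegates to it. Because line 77 puts all enforcement in the COM+ identity and access settings rather than in code, the page should list each COM+ object with its identity and its permitted callers (for example as two extra table rows) and make the OpenVPN row match the delegation path in line 83. Line 85 would also be clearer if it said what enforces "only the administrator can modify OpenVPN configuration files", since nothing in the added text explains it. Minor: "It's own" in line 80 should be "Its own", "security check within code are required" in line 77 should read "checks ... are required", and line 72 links the same gmane URL twice in one sentence.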