Changes between Version 3 and Version 4 of PrivilegeSeparation

Timestamp:

03/12/12 10:36:00 (12 years ago)

Author:

Samuli Seppänen

Comment:

--

PrivilegeSeparation

@@ -53 +53 @@
 This solution was suggested by James Yonan. According to him it's fairly common in enterprise VPN clients:
 
-||'''Component'''||'''Runs as'''||'''Tasks'''||
+||'''Component'''||'''Runs as'''||'''Tasks/capabilities'''||
 ||OpenVPN GUI||Interactive user||Initiate connections and disconnections||
 ||OpenVPN service||Privileged user||Accept requests from the GUI and control OpenVPN||
@@ -70 +70 @@
 == COM+ ==
 
-This approach was suggested by Alon Bar-Lev.
+This approach [http://thread.gmane.org/gmane.network.openvpn.devel/5755/focus=5869 was suggested] by Alon Bar-Lev. See the [http://thread.gmane.org/gmane.network.openvpn.devel/5755/focus=5869 original email] for more detailed information. In a nutshell, privilege separation would be achieved using [http://en.wikipedia.org/wiki/COM%2B#COM.2B COM+] objects:
+
+ * OpenVPNUI.Network
+ * OpenVPNUI.Tunnel
+
+The identity and access to these objects is controlled using the COM+ infrastructure. This means COM+ does all the work and no communication or security check within code are required.
+
+||'''Component'''||'''Runs as'''||'''Tasks/capabilities'''||
+||OpenVPN||It's own unprivileged user account||Access OpenVPNUI.Network object||
+||OpenVPN GUI||Interactive user||Initiate connections and disconnections. Run OpenVPN connect/disconnect scripts||
+
+OpenVPNUI.Network COM+ object runs as a user belonging to the ''Network Configuration Operators'' group. The OpenVPNUI.Tunnel COM+ object has access to the OpenVPNUI.Network object, so that it can delegate privileged network operations to it.
+
+In this configuration, only the administrator can modify OpenVPN configuration files.
 
 = External links =