On Fri, 2011-07-15 at 01:38 +0000, openconnect at lakedaemon.net wrote:
> > + if(strcmp("--passwd-on-stdin", argv[i]) == 0) { > + data = strdup(argv[i + 1]); > + i++;

Seriously, just *don't* support that. The only invocation of openconnect that you ever want mtp to do is

    openconnect --cookie-on-stdin $HOSTNAME:$PORT --servercert $FINGERPRINT

Four fixed arguments (including the cookie). And maybe --script would be a fifth.

Note also that if you really want privilege separation so openconnect doesn't run as root, you need to:

- Set up the tun device for it in advance (TUNSETPERSIST, TUNSETOWNER)
- Arrange for the routing setup to be done somewhere other than in the script that it spawns. That script obviously won't have root privs *either*, so won't be allowed to configure the network.

In the NetworkManager case, the --script argument points to a simple DBus client that sends all the information back to NetworkManager, which does the setup accordingly.

--
dwmw2
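
Review bot: in the "--passwd-on-stdin" branch, argv[i + 1] is handed to strdup() with no check that i + 1 < argc. If the option is the last argument this reads argv[argc], which is NULL, and strdup(NULL) is undefined behaviour. Check the bound before consuming the value, and check the strdup() result for NULL before using data. The option name also says stdin while the value is taken from the command line, where it is visible in the process list to other local users.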
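
The fixed invocation described in the mail above, as an added example (not code from the patch or from openconnect): a helper that builds only that argument vector and rejects values that could be parsed as extra options. The function names, the host:port character set and the 40 to 64 hex digit fingerprint format are assumptions made for this sketch.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Accept only "host:port": host chars [A-Za-z0-9.-], no leading '-'
 * (it would be parsed as an option), port 1..65535. */
static int valid_hostport(const char *s)
{
    const char *colon = s ? strrchr(s, ':') : NULL;
    char *end;
    long port;
    if (!colon || colon == s || s[0] == '-' || colon - s > 253)
        return 0;
    for (const char *p = s; p < colon; p++)
        if (!isalnum((unsigned char)*p) && *p != '.' && *p != '-')
            return 0;
    if (!isdigit((unsigned char)colon[1]))  /* no sign or whitespace */
        return 0;
    port = strtol(colon + 1, &end, 10);
    return *end == '\0' && port >= 1 && port <= 65535;
}

/* Assumption: fingerprint is 40..64 hex digits; adjust to your build. */
static int valid_fingerprint(const char *s)
{
    size_t n = s ? strlen(s) : 0;
    if (n < 40 || n > 64)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (!isxdigit((unsigned char)s[i]))
            return 0;
    return 1;
}

/* Fill argv with the fixed invocation from the mail, NULL-terminated.
 * The cookie is never placed here: the caller writes it to the child's
 * stdin. Returns 0 on success, -1 on rejected input. */
static int build_openconnect_argv(const char *hostport, const char *fp,
                                  const char *argv[6])
{
    if (!valid_hostport(hostport) || !valid_fingerprint(fp))
        return -1;
    argv[0] = "openconnect";
    argv[1] = "--cookie-on-stdin";
    argv[2] = hostport;
    argv[3] = "--servercert";
    argv[4] = fp;
    argv[5] = NULL;
    return 0;
}
```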