David,

Thanks so much for your quick response. I have inserted a couple more questions prompted by your answer.

On Tue, Jun 26, 2012 at 8:04 AM, David Woodhouse <dwmw2 at infradead.org> wrote:
> On Tue, 2012-06-26 at 07:34 -0500, Orin L. wrote:
>> Could running OpenConnect as root open my desktop
>> system to potential security threats?
>
> Theoretically, yes. It's vaguely possible that if there were a bug in
> OpenConnect, a malicious server *might* be able to exploit it.

Only the connected VPN server (i.e. no attackers at large on the internet) would have a chance of exploiting such a vulnerability?

> Just use the
> '--script-tun' option and it'll pass all its packets to stdin/stdout of
> a separate program, instead of to a tun device. That program can listen
> as a SOCKS server on the local machine, and forward all the connections
> into the VPN. There's an implementation of such a server at
> http://dme.org/ocproxy

(Thanks David for sending that.) For security reasons, I typically only use software supplied through official repositories. Has ocproxy from dme.org been carefully examined and vetted by the OpenConnect team?

What's the method for running "run-ocvpn.sh"? That is, should the "ocvpn" directory be placed inside one of the directories created upon installing lwip from a repository?

> Or if you want to keep it simple and you *do* actually want to route
> packets "properly" from your host to the VPN, you can still run
> OpenConnect as an unprivileged user. On Linux you can create the tun
> device in advance and assign it to the appropriate user with 'ip
> tuntap', and tell OpenConnect the name of the device you want it to use.
> Then it's just a case of *configuring* the network according to the
> information you get from the server, which is all done by vpnc-script
> anyway, not OpenConnect itself. It shouldn't be hard to contrive
> something which runs instead of vpnc-script, which just passes all the
> configuration information back to a small tool that *does* run as root.

This seems to require some expertise. This is all I'm aware of:

#as root
ip tuntap add dev vpn0 user xxxxxxxx mode tun
#does vpn0 then have to be configured somehow? If so, how? Does having a persistent tun device on my system open it up to potential threats?

#as normal user
openconnect --interface vpn0 https://vpn.domain.com/
#is this correct?

Thanks,
OL
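The "something which runs instead of vpnc-script" that David describes, worked through as an added example. This is not OpenConnect's vpnc-script and not code from the thread; it assumes the pre-created device is named vpn0 and that the root-side tool is `sudo` with a sudoers rule confined to `ip` (ALLOWED_DEV and PRIV_HELPER are knobs of this script, not OpenConnect options). The environment variable names (reason, TUNDEV, INTERNAL_IP4_ADDRESS, INTERNAL_IP4_NETMASKLEN, INTERNAL_IP4_MTU, CISCO_SPLIT_INC, CISCO_SPLIT_INC_<n>_ADDR/_MASKLEN) are the ones vpnc-script itself reads. The security-relevant point is that every one of those values is chosen by the VPN server and ends up on a root command line, so the script accepts only exact shapes, fails closed, and only ever touches the one device it was told about.

```shell
#!/bin/sh
# vpnc-script replacement for running OpenConnect unprivileged on a
# tun device created in advance (ip tuntap add dev vpn0 user <you> mode tun).
# Added example, not OpenConnect's own vpnc-script. OpenConnect runs it as
# the unprivileged user with the server's settings in the environment.
# Instead of applying them, it validates them and emits a small, fixed
# vocabulary of `ip` commands for a privileged helper (assumed: sudo with a
# sudoers rule limited to `ip`; ALLOWED_DEV/PRIV_HELPER are our knobs).

ALLOWED_DEV="${ALLOWED_DEV:-vpn0}"   # the only device we will ever touch
PRIV_HELPER="${PRIV_HELPER:-sudo}"
nl='
'

# Server-supplied values reach a root command line, so accept only the
# exact shapes we expect; anything else is rejected, not sanitised.
is_ipv4() { printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; }
is_int()  { printf '%s' "$1" | grep -Eq '^[0-9]{1,5}$'; }

# build_commands: print one `ip` command per line for the current
# environment, or print nothing and return 1 if any value is unacceptable
# (fail closed: a half-applied configuration is worse than none).
build_commands() {
    cmds=""
    [ "${TUNDEV:-}" = "$ALLOWED_DEV" ] || {
        echo "refusing to configure '${TUNDEV:-}', only $ALLOWED_DEV is allowed" >&2
        return 1
    }
    case "${reason:-}" in
    pre-init)
        # Device already exists and belongs to us: nothing to do.
        ;;
    connect|reconnect)
        is_ipv4 "${INTERNAL_IP4_ADDRESS:-}" || return 1
        is_int  "${INTERNAL_IP4_NETMASKLEN:-32}" || return 1
        cmds="ip link set $ALLOWED_DEV up"
        if [ -n "${INTERNAL_IP4_MTU:-}" ]; then
            is_int "$INTERNAL_IP4_MTU" || return 1
            cmds="$cmds${nl}ip link set $ALLOWED_DEV mtu $INTERNAL_IP4_MTU"
        fi
        cmds="$cmds${nl}ip addr add $INTERNAL_IP4_ADDRESS/${INTERNAL_IP4_NETMASKLEN:-32} dev $ALLOWED_DEV"
        # Only the networks the server explicitly announces (split-include).
        # A full-tunnel setup means replacing the default route; this helper
        # deliberately has no vocabulary for that, so it refuses.
        is_int "${CISCO_SPLIT_INC:-0}" || return 1
        [ "${CISCO_SPLIT_INC:-0}" -gt 0 ] || {
            echo "full-tunnel configuration not permitted by this helper" >&2
            return 1
        }
        i=0
        while [ "$i" -lt "$CISCO_SPLIT_INC" ]; do
            # $i is a validated integer, so the eval only builds a variable name.
            eval "addr=\"\${CISCO_SPLIT_INC_${i}_ADDR:-}\""
            eval "plen=\"\${CISCO_SPLIT_INC_${i}_MASKLEN:-}\""
            is_ipv4 "$addr" || return 1
            is_int  "$plen" || return 1
            cmds="$cmds${nl}ip route add $addr/$plen dev $ALLOWED_DEV"
            i=$((i + 1))
        done
        ;;
    disconnect)
        # Routes bound to the device disappear with it when it goes down.
        cmds="ip addr flush dev $ALLOWED_DEV${nl}ip link set $ALLOWED_DEV down"
        ;;
    *)
        echo "unknown reason '${reason:-}'" >&2
        return 1
        ;;
    esac
    [ -n "$cmds" ] && printf '%s\n' "$cmds"
    return 0
}

# When OpenConnect invokes us ($reason is set), pass the validated commands
# to the privileged helper one by one. Run without $reason, this does nothing.
if [ -n "${reason:-}" ]; then
    build_commands | while IFS= read -r cmd; do
        # $cmd is unquoted on purpose: it consists only of validated tokens.
        $PRIV_HELPER $cmd || exit 1
    done
fi
```

Usage, assuming the root-side step from the message above has been done and the script is saved as vpnc-script-unpriv.sh: `openconnect --interface vpn0 --script ./vpnc-script-unpriv.sh https://vpn.domain.com/` as the normal user. The sudo rule is an assumption of this example; whatever the root-side tool is, it should re-check its own arguments rather than trust this script, since the script runs as the same user OpenConnect does.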