On Fri, Oct 3, 2014 at 3:25 AM, Orin L. <orinlunder at gmail.com> wrote:
> Has the OpenConnect Team examined and vetted the source code of
> "ocproxy" to verify its security? Which would be safer: to run
> OpenConnect as root without ocproxy, or to run OpenConnect as a
> non-root user using ocproxy? (I don't need particular features of
> ocproxy, I just have the general impression that it's preferable to
> avoid running internet-facing programs as root).

What sorts of attacks are you primarily concerned about?

Running as non-root is most effective if you're keeping the rest of the system patched (particularly the kernel and setuid binaries), so that somebody who obtains a non-root shell cannot easily escalate to root. Also, it probably helps if you run internet-facing programs under a restricted UID that cannot access sensitive files or write to your home directory.

Since ocproxy is kind of a niche program it has probably received much less test coverage and code review than openconnect.

If you are on a multiuser system, any other process/UID can access ocproxy as there is currently no support for authentication. But this can be restricted via iptables.

If you're worried about ShellShock, I think all openconnect configurations could potentially be vulnerable in one way or another...
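
One way to apply the iptables restriction mentioned in the reply above, as an added example that is not part of the original message or of the ocproxy project. It assumes ocproxy's SOCKS listener is bound to the loopback interface; the port `11080` and the user name `vpnuser` are hypothetical values chosen for illustration.

```shell
#!/bin/sh
# Added example: limit who may connect to a local ocproxy SOCKS listener.
# Assumptions (not from the original message): the listener is on the
# loopback interface, TCP port 11080, and only user "vpnuser" may use it.

# Print the rules rather than applying them, so they can be reviewed first.
#   $1 = user name or numeric UID allowed to connect
#   $2 = TCP port the SOCKS listener is bound to
ocproxy_owner_rules() {
    allowed=$1
    port=$2

    # Reject anything that is not a plain port number in range.
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2
        return 1
    fi

    # Reject user names containing shell or iptables metacharacters.
    case $allowed in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid user: $allowed" >&2; return 1 ;;
    esac

    # The owner match only works in OUTPUT/POSTROUTING, which is where
    # locally generated loopback traffic is seen. --syn limits the rule to
    # new connections, which always carry the connecting socket's UID.
    # Every other UID, root included, gets a TCP reset.
    for cmd in iptables ip6tables; do
        printf '%s -A OUTPUT -o lo -p tcp --syn --dport %s' "$cmd" "$port"
        printf ' -m owner ! --uid-owner %s' "$allowed"
        printf ' -j REJECT --reject-with tcp-reset\n'
    done
}

# Show the rules for the assumed user and port.
ocproxy_owner_rules vpnuser 11080
```

After reviewing the printed rules, run them as root. They do not persist across reboots unless saved with the distribution's usual iptables persistence mechanism.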