Quick question for folks on this list. During our security review of OpenConnect server, a couple of questions were raised:

1) Can we drop privileges from the ocserv-main process after forking the ocserv-sm?
   a. Looking through the code, I don't see any obvious reason why not, but I might be missing something.

2) Assuming the use of Docker, would it make sense to split ocserv-sm into its own process chain so that it can run in a separate Docker container (i.e. not have it fork from ocserv-main)?
   a. Goal is to avoid having to grant NET_ADMIN cap to a service that is internet facing (i.e. ocserv-main and ocserv-worker would not have NET_ADMIN cap).

3) Has there been any work done to fuzz the IPC, especially from ocserv-worker -> ocserv-sm?
   a. My team has a task to do this, but if we already have data on this that would be a great place to start.

4) What is the recommended best practice for protecting the X509 cert private key?
   a. TPM + password? Encrypted disk partition?

_______________________________________________
openconnect-devel mailing list
openconnect-devel@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/openconnect-devel