Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security issues #4

Open
ghost opened this issue Jan 27, 2017 · 2 comments
Open

Security issues #4

ghost opened this issue Jan 27, 2017 · 2 comments
Labels
enhancement

Comments

@ghost
Copy link

ghost commented Jan 27, 2017
edited by ghost 

Differently from autovpn, this tool is able to run on Windows. Instead of executing sudo directly from the code, this tool leaves the task up to the user, so it is suposed to work on any platform.
  • You download a file over HTTP
  • This file is then piped straight into a file
  • This file is then fed into OpenVPN running as root

So pretty much, if the remote host wanted to, they could run arbitrary commands on your host, as root.

You can provide script-security 2 inside the configuration file which will result in execution of binaries and other scripts inside the configuration file

¯\(ツ)
@rodrigogs
Copy link
Owner

I'll try to make it happen as soon as I can. Also, pull requests are very welcome :)

@rodrigogs
Copy link
Owner

@chnkr I'd appreciate some help with this configuration, if you may.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rodrigogs