Running OC as Root: Security Implications?

Orin L. orinlunder at gmail.com
Tue Jul 3 14:30:54 EDT 2012


Thanks David.

So, assuming there's no unknown security "bug" in OpenConnect, running
it as root introduces no additional vulnerabilities to internet
threats?

You mentioned that the Cisco client also runs as root.  Is this true,
even though a connection could be established by running the gui as a
normal (non-root) user?

Finally, what's the recommended way to terminate a VPN session
initiated from OpenConnect?  Ctrl-C?

OL


On Wed, Jun 27, 2012 at 3:51 AM, David Woodhouse <dwmw2 at infradead.org> wrote:
> Fairly much, yes. It's vaguely possible for someone with a packet
> sniffer in the path between you and the server to see your TCP or UDP
> traffic and maybe inject a packet — but almost impossible for them to
> get the MAC on that packet correct, which will result in the TCP
> connection closing, or their UDP packet being silently discarded.
>
> And of course, such a vulnerability shouldn't exist.



More information about the openconnect-devel mailing list