Running OC as Root: Security Implications?

David Woodhouse dwmw2 at infradead.org
Tue Jul 3 15:18:07 EDT 2012


On Tue, 2012-07-03 at 13:30 -0500, Orin L. wrote:
> Thanks David.
> 
> So, assuming there's no unknown security "bug" in OpenConnect, running
> it as root introduces no additional vulnerabilities to internet
> threats?

Right. Running as non-root — or in the general case, running with no
more privileges than are absolutely necessary — is good security
practice just in *case* there are bugs which allow an attacker to
exploit the code in question.

For example, when the Cisco client had¹ the stupid bug where it would
open a fixed filename in /tmp (a failure of basic security knowledge on
their part), it was made much *worse* because it was doing that as
*root* and thus could be tricked into overwriting any file on the
system. If it'd been doing it as a less privileged user, it wouldn't
have been anywhere near so bad.

> You mentioned that the Cisco client also runs as root.  Is this true,
> even though a connection could be established by running the gui as a
> normal (non-root) user?

The vpnagentd dæmon runs as root, and the 'vpn' and 'vpnui' clients will
communicate with it. I suspect they communicate with it over a UNIX
socket or something like that.

> Finally, what's the recommended way to terminate a VPN session
> initiated from OpenConnect?  Ctrl-C?

Yes. That will send a message to the server which will terminate the
session, and then exit.

If you want to quit in such a way that you can reconnect with the same
cookie (and hence the same IP address), use SIGKILL instead.

-- 
dwmw2

¹ I say 'had'. For all I know, they might still have it. They never did
  respond coherently to the bug report, as far as I know.
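The two points made above, running with no more privilege than necessary and never opening a fixed name in /tmp as root, as an added C example that is not part of this thread and not OpenConnect's or Cisco's code: the temporary file gets an unpredictable name through mkstemp (O_EXCL semantics, mode 0600), is verified with fstat before use, and root is dropped in the correct order with a check that it cannot be regained. The "/tmp/openconnect-XXXXXX" prefix and the uid/gid passed to drop_privileges are assumptions.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hardened replacement for "open a fixed filename in /tmp": the name is
 * unpredictable, the file is created with O_CREAT|O_EXCL so a pre-placed
 * symlink or file is never followed or reused, and its mode is 0600.
 * Writes the path to path_out; returns the fd or -1 on failure. */
int open_private_tmpfile(char *path_out, size_t path_len)
{
    char tmpl[] = "/tmp/openconnect-XXXXXX";   /* assumed name prefix */
    int fd = mkstemp(tmpl);
    if (fd < 0)
        return -1;
    struct stat st;
    /* Check the descriptor, not the path: a fresh regular file we own,
     * one link, no group/other permission bits. */
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1
        || st.st_uid != geteuid() || (st.st_mode & 077) != 0) {
        close(fd);
        unlink(tmpl);
        return -1;
    }
    snprintf(path_out, path_len, "%s", tmpl);
    return fd;
}

/* Drop root for good: supplementary groups first, then gid, then uid
 * (once the uid is non-zero, setgid() would no longer be permitted).
 * Returns 0 on success and -1 if any step fails or root can be regained.
 * A no-op when called with the caller's own real uid/gid. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) < 0)
        return -1;
    if (setgid(gid) < 0 || setuid(uid) < 0)
        return -1;
    if (uid != 0 && setuid(0) == 0)   /* must fail after a real drop */
        return -1;
    return 0;
}
```

A daemon would call drop_privileges right after the last step that genuinely needs root (for OpenConnect, configuring the tun device and routes) so that the code which parses untrusted network data runs without it.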