Running OC as Root: Security Implications?

Orin L. orinlunder at gmail.com
Wed Jun 27 02:51:49 EDT 2012


David,

Thanks so much for your quick response.  I have inserted a couple more
questions prompted by your answer.

On Tue, Jun 26, 2012 at 8:04 AM, David Woodhouse <dwmw2 at infradead.org> wrote:
> On Tue, 2012-06-26 at 07:34 -0500, Orin L. wrote:
>>  Could running OpenConnect as root open my desktop
>> system to potential security threats?
>
> Theoretically, yes. It's vaguely possible that if there were a bug in
> OpenConnect, a malicious server *might* be able to exploit it.

Only the connected VPN server (i.e. no attackers at large on the
internet) would have a chance of exploiting such a vulnerability?

> Just use the
> '--script-tun' option and it'll pass all its packets to stdin/stdout of
> a separate program, instead of to a tun device. That program can listen
> as a SOCKS server on the local machine, and forward all the connections
> into the VPN. There's an implementation of such a server at
> http://dme.org/ocproxy (Thanks David for sending that).

For security reasons, I typically only use software supplied through
official repositories.  Has ocproxy from dme.org been carefully
examined and vetted by the OpenConnect team?  What's the method for
running "run-ocvpn.sh"?  That is, should the "ocvpn" directory be
placed inside one of the directories created upon installing lwip from
a repository?

> Or if you want to keep it simple and you *do* actually want to route
> packets "properly" from your host to the VPN, you can still run
> OpenConnect as an unprivileged user. On Linux you can create the tun
> device in advance and assign it to the appropriate user with 'ip
> tuntap', and tell OpenConnect the name of the device you want it to use.
> Then it's just a case of *configuring* the network according to the
> information you get from the server, which is all done by vpnc-script
> anyway, not OpenConnect itself. It shouldn't be hard to contrive
> something which runs instead of vpnc-script, which just passes all the
> configuration information back to a small tool that *does* run as root.

This seems to require some expertise.  This is all I'm aware of:
#as root
ip tuntap add dev vpn0 user xxxxxxxx mode tun
#does vpn0 then have to be configured somehow?  If so, how?  Does
having a persistent tun device on my system open it up to potential
threats?

#as normal user
openconnect --interface vpn0 https://vpn.domain.com/
#is this correct?

Thanks,

OL
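
The privileged half of the split David describes above (a vpnc-script replacement that hands configuration to a small tool running as root), as an added example that is not part of the original message or of OpenConnect. The function names and the four-argument interface (reason, device, address, prefix length) are hypothetical; the device name vpn0 is taken from the message, and the helper prints the `ip` commands it would run instead of executing them.

```shell
#!/bin/sh
# Hypothetical root-side helper for an unprivileged OpenConnect setup.
# Every argument ultimately comes from the VPN server, so it is treated as
# untrusted and validated before it can reach a privileged command.

ALLOWED_DEV="vpn0"   # assumption: the device pre-created with 'ip tuntap'

valid_ipv4() {
    # Reject anything that is not digits and dots, then check four octets.
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # safe to split: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

plan_commands() {
    # Args: reason dev addr prefixlen. Prints the commands for valid input;
    # prints nothing and returns non-zero otherwise.
    reason=$1 dev=$2 addr=$3 plen=$4
    [ "$dev" = "$ALLOWED_DEV" ] || return 1      # only the assigned device
    case "$reason" in
        connect)
            valid_ipv4 "$addr" || return 1
            case "$plen" in ''|*[!0-9]*) return 1 ;; esac
            [ "${#plen}" -le 2 ] && [ "$plen" -le 32 ] || return 1
            echo "ip addr add $addr/$plen dev $dev"
            echo "ip link set dev $dev up"
            ;;
        disconnect)
            echo "ip addr flush dev $dev"
            echo "ip link set dev $dev down"
            ;;
        *) return 1 ;;                           # unknown reason: refuse
    esac
}

# Stand-alone use: print the plan for the arguments given, if any.
if [ "$#" -gt 0 ]; then
    plan_commands "$@"
fi
```

Because the helper accepts only one device name and strictly formatted values, a bug in the unprivileged OpenConnect process cannot be turned into arbitrary root commands through this interface.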


