ocproxy security
Kevin Cernekee
cernekee at gmail.com
Fri Oct 3 11:13:04 PDT 2014
On Fri, Oct 3, 2014 at 3:25 AM, Orin L. <orinlunder at gmail.com> wrote:
> Has the OpenConnect Team examined and vetted the source code of
> "ocproxy" to verify its security? Which would be safer: to run
> OpenConnect as root without ocproxy, or to run OpenConnect as a
> non-root user using ocproxy? (I don't need particular features of
> ocproxy, I just have the general impression that it's preferable to
> avoid running internet-facing programs as root).

What sorts of attacks are you primarily concerned about?

Running as non-root is most effective if you're keeping the rest of
the system patched (particularly the kernel and setuid binaries), so
that somebody who obtains a non-root shell cannot easily escalate to
root. Also, it probably helps if you run internet-facing programs
under a restricted UID that cannot access sensitive files or write to
your home directory.

Since ocproxy is kind of a niche program it has probably received much
less test coverage and code review than openconnect.

If you are on a multiuser system, any other process/UID can access
ocproxy as there is currently no support for authentication. But this
can be restricted via iptables.

If you're worried about ShellShock, I think all openconnect
configurations could potentially be vulnerable in one way or
another...
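
One way to apply the iptables restriction mentioned in the message above, as an added example that is not part of the original post or of the ocproxy project. It assumes ocproxy listens on loopback TCP port 1080 and that only the account `vpnuser` should reach it; both values and the function name `gen_ocproxy_rules` are constructed for illustration.

```shell
#!/bin/sh
# Added example: emit iptables/ip6tables rules so that only one local UID can
# connect to an unauthenticated ocproxy listener on the loopback interface.
# "vpnuser" and port 1080 are assumed values, not taken from the post.

# gen_ocproxy_rules USER PORT [PORT...]
# Prints the commands instead of running them; review, then apply as root.
gen_ocproxy_rules() {
    [ $# -ge 2 ] || { echo "usage: gen_ocproxy_rules USER PORT..." >&2; return 2; }
    user=$1
    shift
    # Accept only plain account names so the output is safe to feed to a shell.
    case $user in
        ''|*[!A-Za-z0-9_-]*) echo "bad user: $user" >&2; return 2 ;;
    esac
    # Validate every port before printing anything (all-or-nothing output).
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 2 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
            echo "bad port: $port" >&2; return 2; }
    done
    # Cover 127.0.0.1 and ::1; a rule in only one family leaves the other open.
    for ipt in iptables ip6tables; do
        for port in "$@"; do
            # The owner match sees the UID of the connecting socket and is
            # valid for locally generated packets (OUTPUT chain).
            echo "$ipt -A OUTPUT -o lo -p tcp --dport $port -m owner --uid-owner $user -j ACCEPT"
            # Every other local UID gets an immediate reset.
            echo "$ipt -A OUTPUT -o lo -p tcp --dport $port -j REJECT --reject-with tcp-reset"
        done
    done
}

# Print the rule set for the assumed account and port.
gen_ocproxy_rules vpnuser 1080
```

These rules only separate unprivileged local users from one another: root can still connect or change the rules, and a listener bound to a non-loopback address would need separate INPUT rules.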