Hi Heiko, Am 9. März 2012 14:42 schrieb Heiko Hund <heiko.h...@sophos.com>: > Instead I plan to secure the process (and the probably the pipe handle as > well) against malicious operations by not granting the user any sophisticated > access to it, i.e. you can only inject code if you can write the process' > memory. This will be enforced by the security descriptor assigned to the > process by the service at creation time. The service account will own the > process object, so that the user cannot sneak his way in by modifying the > DACL.
As I'm not very familiar with the Windows nomenclature, I'm not sure whether I've correctly understood what you're saying. Does your approach prevent the user from injecting code into the OpenVPN process? Or does it only prevent the user from directly accessing the pipe? (IIUC you would need the integrity level approach to prevent the former so I assume you're describing how the pipe handle will be protected instead.) Cheers Fabian
