Hi

On Monday 12 March 2012 19:01:41 Alon Bar-Lev wrote:
> Although I tried to go farther... that what James suggested.
> What is the baseline? This what we should agree first...
> Should openvpn daemon be run on completely unprivileged account or not.

I don't support the idea about running openvpn.exe with elevated privileges. It has been run as the user before and that worked fine until Microsoft limited access to system resources in Vista. The service approach with the elevation pipe solves exactly that problem.

Openvpn is very complex; running it under a privileged account is a security risk in my opinion. The elevation pipe offers a very limited and well defined interface to configure needed system resources only and tries hard to allow access for openvpn.exe only.

If you compare what the possibilities of an attacker would be if the openvpn.exe process is compromised in both scenarios, there's not much room to argue IMO.

Regards
Heiko
--
Heiko Hund | Software Engineer | Phone +49-721-25516-237 | Fax -200
Astaro a Sophos Company | Amalienbadstr. 41 Bau 52 | 76227 Karlsruhe | Germany
Commercial Register: Mannheim HRA 702710 | Headquarter Location: Karlsruhe
Represented by the General Partner Astaro Verwaltungs GmbH
Amalienbadstraße 41 Bau 52 | 76227 Karlsruhe | Germany
Commercial Register: Mannheim HRB 708248 | Executive Board: Gert Hansen, Markus Hennig, Jan Hichert, Günter Junk, Dr. Frank Nellissen