On Tue, Jun 13, 2017 at 3:54 PM, Arne Schwabe <a...@rfc2549.org> wrote:
> >
> >
> > if user is administrator, interactive service is not used.
> > well, I did miss that about interactive service.
> >
>
> I wonder if we should always use the interactive service if available and
> add a (dont-use-interactive) option, so behaviour is always the same.

This was done for security -- some Windows versions have broken handling of
passing credentials through named pipes, which could be used for privilege
escalation. I have seen this exploit work only on Windows XP[*], but to be
cautious we opted not to allow openvpn running as admin to connect to the
service pipe.

But anyway, in this case it's the service that's doing the wrong thing.

Selva

[*] On XP, a rogue program running as user can gain admin rights if a
program running as admin connects to it through a named pipe.
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel