Hi, On Thu, Oct 30, 2025 at 12:56:35PM -0400, Selva Nair wrote: > Do we really want to do this? I thought allowing any user process to use > the interactive service was deliberate: the only restriction being user > whitelisted as "OpenVPNAdministrators" or else we allow only a limited set > of config directives. > > Currently, starting openvpn.exe through the service using a script or a > custom application works. Without having to install it in the "OpenVPN/bin" > directory. Do we want to take away that functionality? The threat being > addressed here is unclear to me.
I'm also sceptic on this.
The report was, if I understand this correctly, about "non logged in
users" to be able to access the pipe (by means of whatever means windows
has for this). "Only allow programs from openvpn\bin\ to access the
pipe" fixes something else.
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany [email protected]
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
