I had time to look at the code, what I don't understand is how come we
work none blocking and do not test for EWOULDBLOCK at other places...
If I get it right, at least after send() we can get EWOULDBLOCK even
if select() returned we have free buffers.
On Wed, Jul 18, 2012 at 7:20 AM, Alon Bar-Lev
On Wed, Jul 18, 2012 at 10:10 AM, David Sommerseth <
openvpn.l...@topphemmelig.net> wrote:
> * The computer is configured to allow OpenVPN to run without root
> password
>
Yes. The vulnerability requires configuring the computer to allow *the
user*to start OpenVPN
*as root* without entering the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 18/07/12 14:44, Jonathan K. Bullard wrote:
> On Tue, Jun 26, 2012 at 1:05 PM, Alon Bar-Lev
> mailto:alon.bar...@gmail.com>> wrote:
>
> Currently openvpn requires/endorses specifying full path in plugin
> parameter. As build system already aware of
On Wed, Jul 18, 2012 at 9:37 AM, Alon Bar-Lev wrote:
> Nobody disables the absolute path use.
> This patch permits relative use.
>
I'm sorry, I misunderstood. So a relative path will now be interpreted as
relative to the plugins directory specified a build time, rather than
whatever it is relati
Currently openvpn requires/endorses specifying full path in plugin
parameter. As build system already aware of plugin location, it is
possible to load plugin relative to this directory, so full path is not
required nor more secured.
Windows is a little more complex as user may change installation
Nobody disables the absolute path use.
This patch permits relative use.
On Wed, Jul 18, 2012 at 3:44 PM, Jonathan K. Bullard
wrote:
> On Tue, Jun 26, 2012 at 1:05 PM, Alon Bar-Lev wrote:
>>
>> Currently openvpn requires/endorses specifying full path in plugin
>> parameter. As build system alread
On Wed, Jul 18, 2012 at 4:34 PM, Alon Bar-Lev wrote:
> Hi!
>
> On Wed, Jul 18, 2012 at 2:44 PM, Heiko Hund wrote:
>> Hi Alon
>>
>> On Tuesday 26 June 2012 20:05:02 Alon Bar-Lev wrote:
>>> Currently openvpn requires/endorses specifying full path in plugin
>>> parameter.
>>
>> Specifying a custom f
Hi!
On Wed, Jul 18, 2012 at 2:44 PM, Heiko Hund wrote:
> Hi Alon
>
> On Tuesday 26 June 2012 20:05:02 Alon Bar-Lev wrote:
>> Currently openvpn requires/endorses specifying full path in plugin
>> parameter.
>
> Specifying a custom full path is probably something we need to ban in the
> (near) futu
On Wed, Jul 18, 2012 at 4:26 PM, David Sommerseth > Agreed, this
sounds like a feature regression.
>
> Dynamic loading requires dlopen() and such (provided by libdl) and
> when compiled non-static, all this dlopen() stuff happens
> automatically, as the linker have instructed the binary what to loa
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 18/07/12 15:00, Jonathan K. Bullard wrote:
> On Mon, Jul 16, 2012 at 12:45 PM, Alon Bar-Lev
> wrote:
>> (3) I want to build "compat" as a static library. How can I do
>> that? You don't need the above... just add
>> LDFLAGS="-static", I guess.
>
On Mon, Jul 16, 2012 at 12:45 PM, Alon Bar-Lev wrote:
> > (1) Is there a way to disable building "openvpnserv" and the "auth-pam"
> > plugin?
> --disable-plugin-auth-pam
>
Thanks. I have found the configure documentation. However, I can't get it
to do what I want it to do: I want to build a singl
Hello all,
May one please tell me where a good resource is to understand the
OpenVPN message structure?
I can than try to answer my questions myself.
Many thanks,
Kai
Am 17.07.2012 01:16, schrieb Kai:
Hello all,
While using SSLH ( www.rutschle.net/tech/sslh.shtml ) which tries to
use
On Tue, Jun 26, 2012 at 1:05 PM, Alon Bar-Lev wrote:
> Currently openvpn requires/endorses specifying full path in plugin
> parameter. As build system already aware of plugin location, it is
> possible to load plugin relative to this directory, so full path is not
> required nor more secured.
>
>
On Wednesday 18 July 2012 13:44:41 Heiko Hund wrote:
> code injection when openvpn is not running as another user or has access to
Scratch the "not" please, typo.
Heiko
--
Heiko Hund | Sr. Software Engineer | Tel +49-721-25516-237 | Fax -200
SOPHOS NSG | Amalienbadstr. 41 Bau 52 | 76227 Karlsruh
Hi Alon
On Tuesday 26 June 2012 20:05:02 Alon Bar-Lev wrote:
> Currently openvpn requires/endorses specifying full path in plugin
> parameter.
Specifying a custom full path is probably something we need to ban in the
(near) future, as it imposes an attack vector for privilege escalation by code
Thanks.
I think this is the simplest solution to this issue.
On Tue, Jul 17, 2012 at 7:19 PM, Heiko Hund wrote:
> Instead of EINPROGRESS WinSock2 returns WSAEWOULDBLOCK if a non-blocking
> connect(2) cannot be completed immediately.
>
> Signed-off-by: Heiko Hund
> ---
> src/openvpn/socket.c |
16 matches
Mail list logo
