Re: [Openvpn-devel] patch for 2.2.2 to include --script-dir

2012-08-27 Thread Amm Vpn
- Original Message - > From: Eric Crist > All of this can be solved with sed.  No need for an OpenVPN patch that simply > makes your life a little easier.  This hasn't been requested by > 'many' users, like you claim.  It's only been requested by you. Ok. No issues. However, I dont

Re: [Openvpn-devel] patch for 2.2.2 to include --script-dir

2012-08-27 Thread Eric Crist
On Aug 27, 2012, at 08:11:53, Amm Vpn wrote: > With my idea of simple textarea HTML field, local admin himself (without > needing me) > can enable a feature or remove deprecated feature by simply adding/removing > related line. All I have to make sure that disallow word "script-dir" in > fronte

Re: [Openvpn-devel] patch for 2.2.2 to include --script-dir

2012-08-27 Thread Amm Vpn
- Original Message - > From: David Sommerseth > To: Amm Vpn > Cc: "openvpn-devel@lists.sourceforge.net" > > Sent: Monday, 27 August 2012 3:46 PM > Subject: Re: [Openvpn-devel] patch for 2.2.2 to include --script-dir > Hi, First of all thanks for

Re: [Openvpn-devel] patch for 2.2.2 to include --script-dir

2012-08-27 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 27/08/12 03:24, Amm Vpn wrote: > Hi, > > First I just wanted to know if you are the decision maker for > OpenVPN? I am one of more. But I'm kind of the main community gatekeeper for the public git trees. Patches go through me. But I listen to t

Re: [Openvpn-devel] patch for 2.2.2 to include --script-dir

2012-08-27 Thread Eric F Crist
There are a few decision makers who have sent NAKs regarding your patch. This isn't going to be considered further. -- Sent from my Android phone with K-9 Mail. Please excuse my brevity. Amm Vpn wrote: Hi, First I just wanted to know if you are the decision maker for OpenVPN? Because, the

Re: [Openvpn-devel] patch for 2.2.2 to include --script-dir

2012-08-27 Thread Amm Vpn
Hi, First I just wanted to know if you are the decision maker for OpenVPN? Because, the reasons/scenarios you are giving do not make sense to me. You are not at all considering the real danger (a what-if case) (Do not take it in offensive way please) I just wanted to make sure I am posting the

Re: [Openvpn-devel] patch for 2.2.2 to include --script-dir

2012-08-26 Thread David Sommerseth
NAK again. This still does not belong in the core OpenVPN, IMO. If you want to have this feature, you need to enforce this in your front-end where you sanitise the config *before* OpenVPN is started. Which was my conclusion from the last time as well. Having this as a runtime configuratio

Re: [Openvpn-devel] patch for 2.2.2 to include --script-dir

2012-08-24 Thread Amm Vpn
Hello all, I am attaching a new patch which takes care of few things discussed yesterday. Summary of patch: 1) Add new option --script-dir which restricts any user defined script to run only from specific directory 2) Backward compatible. If script-dir is not specified then it allows script fr

Re: [Openvpn-devel] patch for 2.2.2 to include --script-dir

2012-08-23 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 23/08/12 17:30, Amm Vpn wrote: > > Currently openvpn BLINDLY runs any script which in my opinion is > too dangerous. One breach and intruder can simply erase your whole > harddisk. Agreed. > My idea of script-dir is taken from sendmail concept of

Re: [Openvpn-devel] patch for 2.2.2 to include --script-dir

2012-08-23 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 23/08/12 15:09, ammdispose-...@yahoo.com wrote: > Hello all, > > I am submitting a minor patch which includes an option to specify > --script-dir. > i.e. any user defined script will be run ONLY IF it is present in > "script-dir". > > The reason I

Re: [Openvpn-devel] patch for 2.2.2 to include --script-dir

2012-08-23 Thread Eric Crist
On Aug 23, 2012, at 10:30:51, Amm Vpn wrote: > - Original Message - >> From: Eric Crist >> To: Amm Vpn >> Cc: Heiko Hund ; >> "openvpn-devel@lists.sourceforge.net" >> Sent: Thursday, 23 August 2012 8:19 PM >> Subject: Re: [Openv

Re: [Openvpn-devel] patch for 2.2.2 to include --script-dir

2012-08-23 Thread Amm Vpn
- Original Message - > From: Eric Crist > To: Amm Vpn > Cc: Heiko Hund ; "openvpn-devel@lists.sourceforge.net" > > Sent: Thursday, 23 August 2012 8:19 PM > Subject: Re: [Openvpn-devel] patch for 2.2.2 to include --script-dir   >> So best is to m

Re: [Openvpn-devel] patch for 2.2.2 to include --script-dir

2012-08-23 Thread Eric Crist
On Aug 23, 2012, at 09:45:14, Amm Vpn wrote: >> Hi >> >> On Thu 23 08 2012 21:09:49 ammdispose-...@yahoo.com wrote: >>> So my idea was >>> 1) Add a new option called script-dir >>> 2) Frontend will not allow word "script-dir" in config file (so admin cant >>> change it) >>> 3) script-dir will b

Re: [Openvpn-devel] patch for 2.2.2 to include --script-dir

2012-08-23 Thread Amm Vpn
Hi > > From: Heiko Hund >To: openvpn-devel@lists.sourceforge.net; "ammdispose-...@yahoo.com" > >Sent: Thursday, 23 August 2012 7:15 PM >Subject: Re: [Openvpn-devel] patch for 2.2.2 to include --script-dir > >Hi > &

Re: [Openvpn-devel] patch for 2.2.2 to include --script-dir

2012-08-23 Thread Heiko Hund
Hi On Thu 23 08 2012 21:09:49 ammdispose-...@yahoo.com wrote: > So my idea was > 1) Add a new option called script-dir > 2) Frontend will not allow word "script-dir" in config file (so admin cant > change it) > 3) script-dir will be passed on command line > > This way admin can not run anything

[Openvpn-devel] patch for 2.2.2 to include --script-dir

2012-08-23 Thread ammdispose-...@yahoo.com
Hello all, I am submitting a minor patch which includes an option to specify --script-dir. i.e. any user defined script will be run ONLY IF it is present in "script-dir". The reason I needed this is because I had a frontend to configuration file which allowed administrator to change configuratio