Hi,
> That'll probably work with some extra sanity checks on the file name.
> Ideally we should just pass the dev-node (empty if unspecified) and type of
> device (TAP6 or WINTUN), but that will require a lot of duplication of
> code in the service, as you noted.
>
> One option is to pass the de
Hi
On Wed, Jul 17, 2019 at 8:20 AM Lev Stipakov wrote:
> Hi,
>
> Sorry for the delay - I was on vacation.
>
>> (i) The new message is named message_open_tun, but it allows opening
>> any file using the service. This is not secure.
>
>
> I am thinking of a possible vector of attack here.
>
> In our case
Hi,
Sorry for the delay - I was on vacation.
> (i) The new message is named message_open_tun, but it allows opening
> any file using the service. This is not secure.
I am thinking of a possible vector of attack here.
In our case it is the service which launches the openvpn process using
the path set in the registry,
Hi,
On Thu, Jun 27, 2019 at 8:08 AM Lev Stipakov wrote:
>
> From: Lev Stipakov
>
> This patch enables the interactive service to open the tun device.
> This is mostly needed by Wintun, which could be opened
> only by a privileged process.
>
> When the interactive service is used, instead of calling
> CreateFi