----------------------------------------------------------------------------------
@MSGID: 1@dont-email.me> da0dbb49
@REPLYADDR Markus Robert Kessler
<no_reply@dipl-ing-kessler.de>
@REPLYTO 2:5075/128 Markus Robert Kessler
@CHRS: CP866 2
@RFC: 1 0
@RFC-Message-ID: 1@dont-email.me>
@TZUTC: -0000
@PID: Pan/0.149 (Bellevue; 4c157ba
git@gitlab.gnome.org:GNOME/pan.git)
@TID: FIDOGATE-5.12-ge4e8b94
For years I have been setting up sudo-based Cisco vpnc VPN access, so that
"normal" users can open / close VPNs without the root password.
Now I did the same with openconnect.
This one also provides the option "--pid-file", which is handy, because
vpnc provides a small program called "vpnc-disconnect", which looks for
the pid hardcoded in /run/vpnc.pid. So I set up openconnect to use the
same pid-file, and hence openconnect can also be terminated using
"vpnc-disconnect".
Well, this option looked suspicious to me from the beginning, and so I had
a look into the sources. There I saw something like "prefix" and other
fancy things around the pid-file, and so I thought this was to "sanitize"
user input.
But it was not.
I tried "openconnect --pid-file /dev/sda ..."
and, guess? -- Yes, the box did not boot anymore.
What makes me nervous is that every non-privileged user can do the same.
Vpnc seems to have the same security hole.
I am just thinking about recompiling and rebuilding the packages with this
option excluded and the pid file hardcoded to, let's say, /run/vpnc.pid.
Any idea?
Markus
--
Please reply to group only.
For private email please use
http://www.dipl-ing-kessler.de/email.htm
--- Pan/0.149 (Bellevue; 4c157ba
git@gitlab.gnome.org:GNOME/pan.git)
* Origin: A noiseless patient Spider (2:5075/128)
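The hole described above exists whenever sudoers hands out the openconnect (or vpnc) binary itself with a wildcard for its arguments: the user then controls --pid-file, and root writes its pid into whatever path is named. A rebuild is not needed; the usual fix is to grant sudo only on a thin wrapper that takes a profile name and supplies the pid file itself. The following wrapper is an added example, not the poster's setup and not part of openconnect or vpnc; it assumes a hypothetical profile directory /etc/vpn/profiles/<name>.conf and the hardcoded pid file /run/vpnc.pid from the post.

```shell
#!/bin/sh
# vpn-up: added example of a sudo-safe wrapper around openconnect.
# Users may only pass a bare profile name; --pid-file and every other
# option are fixed here, so a user cannot point root at /dev/sda.
# Assumptions (not from the original post): profiles live under
# PROFILE_DIR as <name>.conf, and sudoers grants only this script.

PIDFILE=/run/vpnc.pid
PROFILE_DIR=${PROFILE_DIR:-/etc/vpn/profiles}

# Accept only letters, digits, dash and underscore. Reject empty strings,
# anything that looks like an option (-*), and anything with a slash, so
# the name can never escape PROFILE_DIR or smuggle in an argument.
valid_profile_name() {
    case "$1" in
        ''|-*|*/*|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the argv that would be executed, one argument per line.
# Fails (no output) when the profile name is not acceptable.
build_openconnect_argv() {
    name=$1
    valid_profile_name "$name" || { echo "invalid profile name: $name" >&2; return 1; }
    printf '%s\n' openconnect --background --pid-file "$PIDFILE" \
        --config "$PROFILE_DIR/$name.conf"
}

vpn_up() {
    name=$1
    valid_profile_name "$name" || { echo "invalid profile name" >&2; return 1; }
    [ -f "$PROFILE_DIR/$name.conf" ] || { echo "no such profile" >&2; return 1; }
    # Same argv as build_openconnect_argv; kept explicit so nothing the
    # user typed ever reaches openconnect's option parser.
    exec openconnect --background --pid-file "$PIDFILE" \
        --config "$PROFILE_DIR/$name.conf"
}

# Mirror of vpnc-disconnect: kill the pid recorded in the fixed pid file.
vpn_down() {
    [ -f "$PIDFILE" ] || { echo "no vpn running" >&2; return 1; }
    pid=$(cat "$PIDFILE")
    case "$pid" in
        ''|*[!0-9]*) echo "corrupt pid file" >&2; return 1 ;;
    esac
    kill "$pid" && rm -f "$PIDFILE"
}

main() {
    case "$1" in
        up)   [ $# -eq 2 ] || { echo "usage: $0 up <profile>" >&2; return 2; }
              vpn_up "$2" ;;
        down) vpn_down ;;
        *)    echo "usage: $0 up <profile> | down" >&2; return 2 ;;
    esac
}

# Only act when invoked with arguments, so the file can also be sourced.
if [ $# -gt 0 ]; then
    main "$@"
fi
```

With this in place the sudoers entry grants the wrapper rather than the binary, for example (assumed path) `markus ALL=(root) NOPASSWD: /usr/local/sbin/vpn-up`, and the user runs `sudo vpn-up up corp` / `sudo vpn-up down`. Because the name is validated against a character allowlist and every option is fixed in the script, an attempt such as `sudo vpn-up up --pid-file` or `sudo vpn-up up /dev/sda` is refused before openconnect starts. The same wrapper pattern closes the equivalent hole in vpnc.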