Jump to content


Photo

Start eddie without admin rights planned?

admin eddie boot

  • Please log in to reply
2 replies to this topic

#1 h4ng3r

h4ng3r

    Newbie

  • New Members
  • Pip
  • 4 posts

Posted 10 April 2017 - 12:47 AM

I've noticed that in OpenVPN 2.4.* there is a new service "OpenVPNInteractiveService" which apparently provides openvpn gui client (run by an unprivileged user) some controls over the vpn. Is that coming to Eddie? To be able to run eddie and connect to vpn with non-admin account.



#2 zhang888

zhang888

    Donald Trump of IT/Security

  • Moderators
  • 2021 posts

Posted 10 April 2017 - 01:51 AM

The 2.4.x final steps of the audit should be done soon, so it is safer to see what they think about this feature.

Personally I still think there is an attack vector here, although they only cover the OpenVPN exectuable here:

https://community.openvpn.net/openvpn/wiki/OpenVPNInteractiveService

 

their focus seems to be on preventing abusive OpenVPN directives from being executed for privilege escalation,

such as --up scripts:

This cannot be used anymore for privilege escalation to admin (by running an --up script from openvpn which is run-as-admin).

 

But you can still replace the OpenVPN binary with another one and gain escalation to admin if the service does not check it.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.


#3 h4ng3r

h4ng3r

    Newbie

  • New Members
  • Pip
  • 4 posts

Posted 10 April 2017 - 12:39 PM

Thank you for such an informative reply. I'll be patient then.







Similar Topics Collapse


2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users

Servers online. Online Users: 13866 - BW: 40262 Mbit/sYour IP: 54.80.158.127Guest Access.