Jump to content


Start eddie without admin rights planned?

admin eddie boot

  • Please log in to reply
2 replies to this topic

#1 h4ng3r



  • Members
  • Pip
  • 5 posts

Posted 10 April 2017 - 12:47 AM

I've noticed that in OpenVPN 2.4.* there is a new service "OpenVPNInteractiveService" which apparently provides openvpn gui client (run by an unprivileged user) some controls over the vpn. Is that coming to Eddie? To be able to run eddie and connect to vpn with non-admin account.

#2 zhang888


    Donald Trump of IT/Security

  • Moderators
  • 2194 posts

Posted 10 April 2017 - 01:51 AM

The 2.4.x final steps of the audit should be done soon, so it is safer to see what they think about this feature.

Personally I still think there is an attack vector here, although they only cover the OpenVPN exectuable here:



their focus seems to be on preventing abusive OpenVPN directives from being executed for privilege escalation,

such as --up scripts:

This cannot be used anymore for privilege escalation to admin (by running an --up script from openvpn which is run-as-admin).


But you can still replace the OpenVPN binary with another one and gain escalation to admin if the service does not check it.

Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

#3 h4ng3r



  • Members
  • Pip
  • 5 posts

Posted 10 April 2017 - 12:39 PM

Thank you for such an informative reply. I'll be patient then.

Similar Topics Collapse

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Servers online. Online Sessions: 13264 - BW: 38768 Mbit/sYour IP: Access.