Can openvpn (client) be set up completely sandboxed/no-root? Anyone have links to a guide for doing so?
By the time it does that it's already had complex interaction with untrusted remote while running as root.
-
But more fundamentally I don't want it adding routes under the remote's control. I want to use static addrs/routes & nat to remote.
-
good point, maybe there's a flag to accept nothing from the server?
-
Using --tls-client instead of --client (i.e. not --pull), but that breaks authentication for no reason (hard-coded to fail).
-
it needs a paranoid mode that does the minimum possible and exposes the smallest attack surface - plus seccomp whitelist and NNP.
-
Well that would be nice too, but just running as its own non-root user covers the biggest risks.
-
The biggest flaw is a model that treats the server as absolutely-trusted rather than assumed-compromised/malicious.