Can openvpn (client) be setup completely sandboxed/no-root? Anyone have links to a guide for doing so?
Using --tls-client instead of --client (i.e. not --pull), but that breaks authentication for no reason (hard-coded to fail).
-
-
it needs a paranoid mode that does the minimum possible and exposes the smallest attack surface -plus seccomp whitelist and NNP.
-
Well that would be nice too, but just running as its own non-root user covers the biggest risks.
-
The biggest flaw is a model that treats the server as absolutely-trusted rather than assumed-compromised/malicious.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.