[vpnc-devel] vpnc intended to run as normal user ?

[David Woodhouse]

On Tue, 2010-04-13 at 15:54 +0200, Felix Möller wrote:
> On 13.04.2010 15:46, Raymond Wooninck wrote:
> > I am packaging vpnc for openSUSE and we received a bugreport that the
> > tun device can not be created when running it as normal user. When
> > running under root everything works as expected.
> >
> > For me this would be the normal circumstances (running as root) as that
> > network devices, etc are being created. However the user indicates that
> > vpnc is intended to be run as a normal user.
> >
> > I would like to have your opinion on this.
>
> there is NetworkManager-vpnc, which can be run as user. But the real 
> vpnc is supposed to be called as root AFAIK.

That may not be necessary. It's possible for NetworkManager to create
the device in advance and then run the VPN dæmon as an unprivileged
user. See how NetworkManager-openconnect does this, for example.

If you create a device in advance, using iproute2 from the git tree¹ and
'ip tuntap add dev vpn0 user $USER mode tun', you may find that you can
run vpnc as that $USER as long as you specify '--ifname vpn0' so that
it's using the device that was created for it in advance.

That probably only works if you're using UDP encapsulation, since it
would want root privs to open the SOCK_RAW socket for ESP. In fact, if
it relies on being able to bind to UDP port 500, it still might fail.
But those could be solved if anyone _really_ wanted to make it run as
non-root, which does make a lot of sense from a security POV.

-- 
David Woodhouse                            Open Source Technology Centre
David.Woodhouse at intel.com                              Intel Corporation

¹ http://git.kernel.org/?p=linux/kernel/git/shemminger/iproute2.git;a=commitdiff;h=580fbd88