Fun with NULL pointers, part 1
Posted Jul 21, 2009 16:10 UTC (Tue) by dwmw2 (subscriber, #2063)
"apparently some udev script which makes it world rw, I'm told (but haven't verified) that some VPN program changes it so they can run as normal users..."
It's been possible to make tun devices that can be used by non-root since February 2002.
However, it was only in June 2006 that we made it reasonable to have 0666 permissions on /dev/net/tun, by adding the CAP_NET_ADMIN checks before creating new devices.
The OpenConnect VPN client, when used in conjunction with its NetworkManager plugin, will use this facility to run as its own unprivileged user. After the stupid tmpfile races we saw in Cisco's own client which runs as root, it seemed like an appropriate design choice for limiting security exposure (even though I couldn't possibly be as incompetent as the Cisco engineers).