Message ID | 20250429051450.32551-1-kn@openbsd.org |
---|---|
State | New |
Headers | From: Klemens Nanni <kn@openbsd.org> To: openvpn-devel@lists.sourceforge.net Date: Tue, 29 Apr 2025 08:14:50 +0300 Message-ID: <20250429051450.32551-1-kn@openbsd.org> X-Mailer: git-send-email 2.49.0 In-Reply-To: <20250428214629.49104-1-kn@openbsd.org> References: <20250428214629.49104-1-kn@openbsd.org> Subject: [Openvpn-devel] [SPAM] [PATCH] Skip tmp-dir check unless actually used Content preview: As per the manual, it is subject to `chroot` and used only by `client-connect` and `plugin`. Without additional code being run and `chroot /var/empty/` (amongst `user`, `persist-*`, etc.) set to reduce run-time privileges as much as possible, the default temporary is still required upon start [...] |
Series | [Openvpn-devel,SPAM] Skip tmp-dir check unless actually used |
diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 96119c48..effa8d0f 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -4149,8 +4149,17 @@ options_postprocess_filechecks(struct options *options) /* ** Config related ** */ errs |= check_file_access_chroot(options->chroot_dir, CHKACC_FILE, options->client_config_dir, R_OK|X_OK, "--client-config-dir"); - errs |= check_file_access_chroot(options->chroot_dir, CHKACC_FILE, options->tmp_dir, - R_OK|W_OK|X_OK, "Temporary directory (--tmp-dir)"); + + msg(M_WARN|M_NOPREFIX, "tmp_dir = '%s'", options->tmp_dir); + if (options->client_connect_script +#ifdef ENABLE_PLUGIN + || options->plugin_list +#endif /* ENABLE_PLUGIN */ + ) + { + errs |= check_file_access_chroot(options->chroot_dir, CHKACC_FILE, options->tmp_dir, + R_OK|W_OK|X_OK, "Temporary directory (--tmp-dir)"); + } if (errs) {
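Review bot: The added msg(M_WARN|M_NOPREFIX, "tmp_dir = '%s'", options->tmp_dir) in options_postprocess_filechecks() looks like leftover debugging and should be dropped before this is applied. It sits outside the new if block, so it logs the temporary directory path at warning level on every start, including the configurations where the check is now skipped, and it passes options->tmp_dir to %s with no NULL guard. On the condition itself: the access check now runs only when options->client_connect_script or (under ENABLE_PLUGIN) options->plugin_list is set, so any other code path that creates files under options->tmp_dir would reach run time without the R_OK|W_OK|X_OK check having been made against the chroot. Please confirm that these two options are the only consumers, and add a short comment above the if naming them so the list is kept in sync when a new user of tmp_dir is added.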