Added man page entry for --setenv-safe.

author james <james@e7ae566f-a301-0410-adde-c780ea21d3b5>

Wed, 5 Apr 2006 06:57:31 +0000 (06:57 +0000)

committer james <james@e7ae566f-a301-0410-adde-c780ea21d3b5>

Wed, 5 Apr 2006 06:57:31 +0000 (06:57 +0000)
author james <james@e7ae566f-a301-0410-adde-c780ea21d3b5>
Wed, 5 Apr 2006 06:57:31 +0000 (06:57 +0000)
committer james <james@e7ae566f-a301-0410-adde-c780ea21d3b5>
Wed, 5 Apr 2006 06:57:31 +0000 (06:57 +0000)
diff --git a/openvpn.8 b/openvpn.8

index 6b3711b4e7748c426fbd1c6e9bf60c55e2866daa..e87609d6182a1274972b8c897719c014dfcffb9d 100644 (file)
--- a/openvpn.8
+++ b/openvpn.8
@@ -251,6 +251,7 @@ openvpn \- secure IP tunnel daemon.
  [\ \fB\-\-server\fR\ \fInetwork\ netmask\fR\ ]
  [\ \fB\-\-service\fR\ \fIexit\-event\ [0|1]\fR\ ]
  [\ \fB\-\-setenv\fR\ \fIname\ value\fR\ ]
+[\ \fB\-\-setenv\-safe\fR\ \fIname\ value\fR\ ]
  [\ \fB\-\-shaper\fR\ \fIn\fR\ ]
  [\ \fB\-\-show\-adapters\fR\ ]
  [\ \fB\-\-show\-ciphers\fR\ ]
@@ -1812,6 +1813,17 @@ Set a custom environmental variable
  to pass to script.
  .\"*********************************************************
  .TP
+.B --setenv-safe name value
+Set a custom environmental variable
+.B OPENVPN_name=value
+to pass to script.
+
+This directive is designed to be pushed by the server to clients,
+and the prepending of "OPENVPN_" to the environmental variable
+is a safety precaution to prevent a LD_PRELOAD style attack
+from a malicious or compromised server.
+.\"*********************************************************
+.TP
  .B --disable-occ
  Don't output a warning message if option inconsistencies are detected between
  peers.  An example of an option inconsistency would be where one peer uses
author	james <james@e7ae566f-a301-0410-adde-c780ea21d3b5>
	Wed, 5 Apr 2006 06:57:31 +0000 (06:57 +0000)
committer	james <james@e7ae566f-a301-0410-adde-c780ea21d3b5>
	Wed, 5 Apr 2006 06:57:31 +0000 (06:57 +0000)