Require script-security 2 when using unix: tun
authorArne Schwabe <arne@rfc2549.org>
Tue, 13 Jan 2026 07:27:45 +0000 (08:27 +0100)
committerGert Doering <gert@greenie.muc.de>
Tue, 13 Jan 2026 08:19:48 +0000 (09:19 +0100)
Since this executes an executable from an arbitrary path, it should follow
the same rules as other scripts/executables.

Reported-By: Petr Simecek, Pavel Kohout and Stanislav Fort from Aisle Research
Change-Id: I89dcab24ba510094ce1672e382960bf15def310a
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1465
Message-Id: <20260113072750.16015-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg35223.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
src/openvpn/tun_afunix.c

index c41048058f78435971c0fb35c4a4e1d9bd7d285c..a67a472fa263052fd397d55dc2e73db0bdec91f7 100644 (file)
@@ -61,7 +61,10 @@ tun_afunix_exec_child(const char *dev_node, struct tuntap *tt, struct env_set *e
 
     argv_printf(&argv, "%s", program);
 
-    tt->afunix.childprocess = openvpn_execve_check(&argv, env, S_NOWAITPID, msgprefix);
+    /* exit when executing fails to easier spot errors here and treat this
+     * command like an external script */
+    int flags = S_NOWAITPID | S_SCRIPT | S_FATAL;
+    tt->afunix.childprocess = openvpn_execve_check(&argv, env, flags, msgprefix);
     if (!openvpn_waitpid_check(tt->afunix.childprocess, msgprefix, M_WARN))
     {
         tt->afunix.childprocess = 0;
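Review bot: The new comment above `int flags = S_NOWAITPID | S_SCRIPT | S_FATAL;` explains only the S_FATAL half; the security-relevant part of this change is S_SCRIPT, which puts this execve under the script-security policy (the commit title says level 2 is now required), and a reader of the code should not have to find the commit message to learn that. I would replace the two comment lines with `/* S_SCRIPT: the dev node is an arbitrary executable path, so it is gated by --script-security like any other external script. S_FATAL: abort rather than continue with a half-configured tun if it cannot be started. */`. Since openvpn_execve_check is declared elsewhere, I believe its flags parameter is `unsigned int`; declaring the local as `unsigned int flags` would match and avoid a sign conversion warning under -Wconversion, though the implicit conversion here is harmless. Because a `unix:` device that previously only warned now either refuses to start (script-security below 2) or exits (S_FATAL), the user-facing option documentation and changelog should state the new requirement; this commit touches only tun_afunix.c, so that may be in a follow-up. tun_afunix_exec_child begins before this hunk and its body continues after it.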