Configuration is not secure - bug report / proposal for change

152 views

Skip to first unread message

milan...@gmail.com

unread,

Jun 28, 2016, 9:29:17 AM6/28/16

to tunnelblick-discuss

Hello

with the latest update my VPN configurations are not working, with the error messages such as "Configuration 'nases_pikula' is not secure. It should be reinstalled."

In fact, in my case it is the exact opposite, they are more secure:

/Library/Application Support/Tunnelblick/Users/pikula/nases_pikula.tblk permissions are 0750; they should be 0755

pathIsNotSecure: pathComponentIsNotSecure(/Library/Application Support/Tunnelblick/Users/pikula/nases_pikula.tblk, 0755)

I am not happy to soften the permissions to make Tunnelblick work, so I suggest changing the pathIsNotSecure check to allow for more strict permissions than requested. Anyway, I find the relevant code in pathComponentIsNotSecure to be much more complicated than needed:

https://github.com/Tunnelblick/Tunnelblick/blame/3f056ba3db74d3d8c64faafcfa899447a4d7eea4/tunnelblick/tunnelblick-helper.m#L518

Could someone please explain the logic behind the series of checks? Wouldn't it be easier to have something like this instead?

if (perms & ~permissionsIfNot002) {

... return YES ...

}

Kind regrads

Milan Pikula

jkbull...gmail.com

unread,

Jun 29, 2016, 10:08:42 AM6/29/16

to tunnelblick-discuss, milan...@gmail.com

Hi, Milan. Thanks for bringing this up. I'm not ignoring it; I'm just busy. I will try to respond sometime later this week.

Reply all

Reply to author

Forward

0 new messages