summaryrefslogtreecommitdiffstats
path: root/openvpn.8
diff options
context:
space:
mode:
Diffstat (limited to 'openvpn.8')
-rw-r--r--openvpn.825
1 files changed, 23 insertions, 2 deletions
diff --git a/openvpn.8 b/openvpn.8
index 921f8fb..c45f839 100644
--- a/openvpn.8
+++ b/openvpn.8
@@ -2034,9 +2034,11 @@ is a safety precaution to prevent a LD_PRELOAD style attack
from a malicious or compromised server.
.\"*********************************************************
.TP
-.B --script-security level
+.B --script-security level [method]
This directive offers policy-level control over OpenVPN's usage of external programs
-and scripts. Lower values are more restrictive, higher values are more permissive. Settings for
+and scripts. Lower
+.B level
+values are more restrictive, higher values are more permissive. Settings for
.B level:
.B 0 --
@@ -2050,6 +2052,25 @@ Allow calling of built-in executables and user-defined scripts.
.br
.B 3 --
Allow passwords to be passed to scripts via environmental variables (potentially unsafe).
+
+The
+.B method
+parameter indicates how OpenVPN should call external commands and scripts.
+Settings for
+.B method:
+
+.B execve --
+(default) Use execve() function on Unix family OSes and CreateProcess() on Windows.
+.br
+.B system --
+Use system() function (deprecated and less safe since the external program command
+line is subject to shell expansion).
+
+The
+.B --script-security
+option was introduced in OpenVPN 2.1_rc9. For configuration file compatibility
+with previous OpenVPN versions, use:
+.B --script-security 3 system
.\"*********************************************************
.TP
.B --disable-occ