From 1c7606cea18e908cf76201ce1534b0afdc04cc89 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
Date: Fri, 13 Nov 2020 03:10:00 +0100
Subject: manager: allow S-1-5-32-556 users to launch a limited UI

I still have serious security reservations about this, both conceptually
-- should users be allowed to do this stuff? -- and pratically -- there
are issues with this implementation that need some examination.

TODO:
- Is that registry key a secure path? Should we double check it?
- Are we leaking handles to the unpriv'd process from the manager? Audit
  this too.
- IPC notifications are blocking. Should we move this to a go routine to
  mitigate DoS potential?
- Is GOB deserialization secure? Can an NCO user crash or RCE the
  manager?

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
 conf/config.go | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'conf/config.go')

diff --git a/conf/config.go b/conf/config.go
index f5f25add..1ce1988d 100644
--- a/conf/config.go
+++ b/conf/config.go
@@ -84,7 +84,7 @@ func (r *IPCidr) IPNet() net.IPNet {
 func (r *IPCidr) MaskSelf() {
 	bits := int(r.Bits())
 	mask := net.CIDRMask(int(r.Cidr), bits)
-	for i := 0; i < bits / 8; i++ {
+	for i := 0; i < bits/8; i++ {
 		r.IP[i] &= mask[i]
 	}
 }
@@ -238,3 +238,11 @@ func (conf *Config) DeduplicateNetworkEntries() {
 		peer.AllowedIPs = peer.AllowedIPs[:i]
 	}
 }
+
+func (conf *Config) Redact() {
+	conf.Interface.PrivateKey = Key{}
+	for i := range conf.Peers {
+		conf.Peers[i].PublicKey = Key{}
+		conf.Peers[i].PresharedKey = Key{}
+	}
+}
-- 
cgit v1.2.3-59-g8ed1b