diff options
Diffstat (limited to 'openvpn/src/openvpn/init.c')
| -rw-r--r-- | openvpn/src/openvpn/init.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/openvpn/src/openvpn/init.c b/openvpn/src/openvpn/init.c index b2013923..cd5ebd3d 100644 --- a/openvpn/src/openvpn/init.c +++ b/openvpn/src/openvpn/init.c @@ -2488,6 +2488,13 @@ do_option_warnings (struct context *c) msg (M_WARN, "NOTE: --connect-timeout option is not supported on this OS"); #endif + if (script_security >= SSEC_SCRIPTS) + msg (M_WARN, "NOTE: the current --script-security setting may allow this configuration to call user-defined scripts"); + else if (script_security >= SSEC_PW_ENV) + msg (M_WARN, "WARNING: the current --script-security setting may allow passwords to be passed to scripts via environmental variables"); + else + msg (M_WARN, "NOTE: " PACKAGE_NAME " 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables"); + if (script_method == SM_SYSTEM) msg (M_WARN, "NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion"); } |