From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 57AD7C3E8C5 for ; Sun, 29 Nov 2020 19:45:12 +0000 (UTC) Received: from krantz.zx2c4.com (krantz.zx2c4.com [192.95.5.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 791B920771 for ; Sun, 29 Nov 2020 19:45:11 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Yc+EKvjM" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 791B920771 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=wireguard-bounces@lists.zx2c4.com Received: by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id d4ca47b4; Sun, 29 Nov 2020 19:38:46 +0000 (UTC) Received: from mail-lj1-x230.google.com (mail-lj1-x230.google.com [2a00:1450:4864:20::230]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTPS id 99797c68 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for ; Sun, 29 Nov 2020 19:38:45 +0000 (UTC) Received: by mail-lj1-x230.google.com with SMTP id y10so13614222ljc.7 for ; Sun, 29 Nov 2020 11:44:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=xMypGwCWA3gs8VXDahgxhsiapmkvPUBkhXAerSMGLVM=; b=Yc+EKvjMVxMRGVMkIpKg64RviQOgLfgto3Me+ncDyvr5Rv4lhlTh+TvKdn16eocgwi a+uxhlNlx14S+aKYsKVDxloTwBArgrXxFCIWSkjK+/plWUqACUiCEQdqnvRB6Y+2W35m EAYh8XhykQ32J02en36OzYpL/M+xySd2VKMW5bttLUa7mcOnCgyo7s/ItSKAYQ46WX9R laxERvgP7J+LulwkLYKZuh2f4T2xKmqU+T0B8pklfYlFATxX5W3oxkSdhrvZt1OSsYeO ZRvpE4hvXg/bbNNzjTCImTGHBIl6bgEd4wEcwh1vSOquyK34OvSHYWRikTUASZUGgx1p s9vA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=xMypGwCWA3gs8VXDahgxhsiapmkvPUBkhXAerSMGLVM=; b=hVXHIqV9UQ+sNktHkE51SKlioCSvlhl0FbmN/plklZFAaij0qbg5haVHdSCpYAb4+4 3CJub1fqnoU5yNwTcpl4BHltiAUa4LIl+y2eL+rWEX9M++CJOJJtatxK+6oTWijjgFFH Zs5oKy/K7YW5sxg9U/vcOBY5LaNX1Ar9aoJxo7yfry/jc3//GZNjBxPyflBkU6MLgXBp +WVyFihjQCWp2SAwbyAyeKriquumBykxyboZzmffZbN5kKCJqiPBOcUiZV5VEc/crYZi yW58CKE0i+5nV0XlDm6T7oa0YXMjrj4UrvDCgOEm3D9g5Tm+jptl68BhVGzy9pwS0SxN 7J3Q== X-Gm-Message-State: AOAM533h58GLgyaMLrvj9a9swNBDnak6qXfFaUr4AMvSrt6ezKka9sMf Ng5/A+hYbq6LZrKQOjsShkCwFYUceQiv+g48GyA= X-Google-Smtp-Source: ABdhPJzej1XJj2eCfviXnq8/yltUeAQ1Xu3s6JYCxsXuX7EwAy9K44cOWQcq7JHPfyUmNLikYqu6MI1QYMrAfti7biw= X-Received: by 2002:a2e:b0e6:: with SMTP id h6mr7952765ljl.196.1606679095304; Sun, 29 Nov 2020 11:44:55 -0800 (PST) MIME-Version: 1.0 References: <8bf9e364f87bd0018dabca03dcc8c19b@mail.gmail.com> <3b4f9ec2-2f50-25c9-0e27-7ca0d2f16943@maidenheadbridge.com> In-Reply-To: From: Phillip McMahon Date: Sun, 29 Nov 2020 20:44:20 +0100 Message-ID: Subject: Re: Using WireGuard on Windows as non-admin - proper solution? To: "Jason A. Donenfeld" Cc: Adrian Larsen , Clint Dovholuk , Riccardo Paolo Bestetti , WireGuard mailing list Content-Type: text/plain; charset="UTF-8" X-BeenThere: wireguard@lists.zx2c4.com X-Mailman-Version: 2.1.30rc1 Precedence: list List-Id: Development discussion of WireGuard List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: wireguard-bounces@lists.zx2c4.com Sender: "WireGuard" Hey Jason, Won't drag this already long and confusing thread out. Not challenging the current implementation, just the notion that any other suggestion is a dead end and the topic is closed. I will continue to use wg daily and now add in the non-admin elements to test those out too. Appreciate the progress here and all that hard work. Phill On Sun, 29 Nov 2020 at 18:52, Jason A. Donenfeld wrote: > > Hi Phillip, > > On Sun, Nov 29, 2020 at 2:40 PM Phillip McMahon > wrote: > > I have been following the wider thread and maybe I misunderstood but > > believe the solution requires some registry tweaks and membership to > > the Network Operators Group, along with Windows Home requiring the > > creation of a group not officially supported on that platform. Correct > > or not? > > > > It was with all the in mind that I wrote the two points. > > I must admit I misunderstood your first message. Sorry for that. I > understand you now to be questioning two things: > > - That this is gated behind a registry key; > - That it works by using the network operators group. > > The first point is something I could imagine changing down the line as > we learn more about the NCO group's usage. To start, and for now, I > prefer to put "risky" settings behind a flag. > > But the latter point I'm much more hesitant to change. You recalled > that I was initially entirely wary of this feature all together. This > is true. It was only upon hearing the excellent idea of the NCO group > that it became tenable for me. The reason is that the NCO group is a > preexisting designation as part of the operating system that confers > these privileges. And there's an easy argument to be made that adding > the ability to stop/start tunnels does not add anything extra beyond > what NCO can already do (like changing IP addresses or disabling > adapters). Therefore, the brilliance of the NCO suggestion, in my > mind, was that we're not adding any additional holes to the Windows > security model. That makes it very compelling to me. > > It seems like you want to go back to challenge the initial hesitation > again: maybe we _should_ add additional caveats to the existing > Windows model, you suggest. Maybe. But if we can avoid doing so, I > really would prefer that, and it seems like NCO group strikes a good > balance. > > What's the situation you have in mind in which an administrator would > permit a user to enable and disable tunnels but would not permit the > other privileges conferred by NCO? What is the impedance mismatch that > you are thinking about? > > Jason -- Use this contact page to send me encrypted messages and files https://flowcrypt.com/me/phillipmcmahon P.S. Drowning in email? Try SaneBox and take back control: http://sanebox.com/t/old3m. I love it.