hiddify-next
Ubuntu VPN mode permission
What Happened?
When I set the service mode to VPN, instead of asking for permission to create a tun device, it just wants to run the whole AppImage as root or change the service mode.
Reproduce the Bug
Set service mode to VPN
Expected Behavior
Usually it should just ask for permission to create the tun device and route the system through the VPN.
Version
0.11.1
Platform/OS
Linux
For VPN mode on Linux you will need to run the AppImage with sudo permission. Open the terminal in the app directory and this should do it:
sudo ./name-of-the-app.AppImage
> For VPN mode on Linux you will need to run the AppImage with sudo permission. Open the terminal in the app directory and this should do it:
> sudo ./name-of-the-app.AppImage
You are joking, right? Either you don't know anything about Linux or didn't read the bug.
Running a VPN appimage with sudo privileges can pose a security risk. Here are a few technical issues associated with running the appimage with sudo:
- Elevated Privileges: When you run an application with sudo, it gains root access to your system. This means that the application has the ability to perform actions with unrestricted privileges, potentially compromising the security of your system. If there are any vulnerabilities or malicious code within the VPN appimage, running it with sudo could allow those issues to escalate and potentially lead to unauthorized access or control over your system.
- Attack Surface: By running the VPN appimage with sudo, you increase the attack surface of your system. If the appimage contains any vulnerabilities, an attacker could potentially exploit those vulnerabilities to gain unauthorized access to your system or perform malicious activities. Running the appimage with elevated privileges unnecessarily expands the scope of potential attacks.
- Trust and Verification: When you run an application with sudo, you inherently trust that the application is safe and does not contain any malicious code. However, verifying the integrity and security of an appimage can be challenging, especially if it is not from a trusted source. Running the appimage with sudo bypasses the usual security measures and makes it difficult to ensure that the appimage is safe to execute.
- Least Privilege Principle: The principle of least privilege states that a user or application should only have the minimum privileges necessary to perform its intended tasks. Running the VPN appimage with sudo violates this principle because it grants unnecessary and excessive privileges to the application. It is always advisable to follow the principle of least privilege to minimize the potential impact of any security breaches or vulnerabilities.
To mitigate these issues, it is recommended to use alternative methods to create the tun device without requiring sudo privileges. This can be achieved by configuring the appropriate permissions for the tun device or utilizing other mechanisms such as udev rules or systemd services to grant the necessary privileges to the VPN appimage without running it with sudo. By doing so, you can maintain a more secure environment while ensuring the proper functioning of the VPN application.
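An added example, not part of the thread and not Hiddify's code: a check a user or packager could run to see whether a VPN process holds only what tun creation needs (CAP_NET_ADMIN) or the full root capability set it gets under sudo. The process name `vpn-app`, the two status samples and the default allowed set are assumptions constructed for illustration.

```python
import re

# Capability bit numbers from linux/capability.h (subset relevant to a VPN client).
CAP_BITS = {
    "CAP_DAC_OVERRIDE": 1,
    "CAP_SETUID": 7,
    "CAP_NET_BIND_SERVICE": 10,
    "CAP_NET_ADMIN": 12,  # needed to create a tun device and change routes
    "CAP_NET_RAW": 13,
    "CAP_SYS_MODULE": 16,
    "CAP_SYS_PTRACE": 19,
    "CAP_SYS_ADMIN": 21,
}

def effective_caps(status_text):
    """Return (effective uid, CapEff mask) parsed from /proc/<pid>/status text."""
    uid = int(re.search(r"^Uid:\s+\d+\s+(\d+)", status_text, re.M).group(1))
    mask = int(re.search(r"^CapEff:\s+([0-9a-fA-F]+)", status_text, re.M).group(1), 16)
    return uid, mask

def audit(status_text, allowed=("CAP_NET_ADMIN",)):
    """Report whether a process holds more privilege than tun creation needs."""
    uid, mask = effective_caps(status_text)
    allowed_mask = sum(1 << CAP_BITS[name] for name in allowed)
    excess_mask = mask & ~allowed_mask
    return {
        "euid": uid,
        "can_create_tun": bool(mask >> CAP_BITS["CAP_NET_ADMIN"] & 1),
        "excess_bits": bin(excess_mask).count("1"),
        "named_excess": sorted(n for n, b in CAP_BITS.items() if excess_mask >> b & 1),
        "least_privilege": uid != 0 and excess_mask == 0,
    }

# Constructed samples: the AppImage started with sudo, and the same program
# started as UID 1000 with only CAP_NET_ADMIN granted by a service manager.
SUDO_STATUS = "Name:\tvpn-app\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n"
SCOPED_STATUS = "Name:\tvpn-app\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000001000\n"

if __name__ == "__main__":
    for label, text in (("sudo", SUDO_STATUS), ("scoped", SCOPED_STATUS)):
        print(label, audit(text))
```

On a live system, pass the contents of `/proc/<pid>/status` for the running VPN process instead of the constructed samples.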
Nope, not joking at all. It's the same on Windows and Mac: you'll need administrator privileges to run it on the system level. Of course, you can always use proxy mode if you don't prefer system level VPN.
We have already begun working on that.
> Nope, not joking at all. It's the same on Windows and Mac: you'll need administrator privileges to run it on the system level. Of course, you can always use proxy mode if you don't prefer system level VPN.
Well, as I said earlier! Running any application with elevated privileges can introduce serious security risks on any operating system. When an application has unnecessary administrative privileges, it gains more power and control over your system, which can lead to various security issues.
It's important to prioritize the security of your system, and granting elevated privileges to applications should be avoided whenever possible. Fortunately, the Hiddify team is aware of this security flaw and is actively working to address it. In the meantime, it's best to refrain from using the VPN mode option until the issue is resolved.
By taking a cautious approach and being mindful of the security implications, you can help ensure the safety of your system and protect your sensitive information.
This issue will be transformed to the project and I will close it here.