Unsafe Command

Got a problem with Viscosity or need help? Ask here!

cwgarner

Posts: 1
Joined: Sun Apr 02, 2017 4:32 pm

Post by cwgarner » Sun Apr 02, 2017 4:39 pm
Hello,

When using the .opvn file that gets created to connect to my openvpn server I am getting the following error: file contains an unsafe command.

I looked an the article you have about this issue but my log file is not saying which command is the issue. Here is the log file, is there something more advance that I need to turn on to get the command that is causing the issue? Thanks

Apr 02 01:37:14: Viscosity Mac 1.6.8 (1370)
Apr 02 01:37:14: Viscosity OpenVPN Engine Started
Apr 02 01:37:14: Running on Mac OS X 10.12.3
Apr 02 01:37:14: ---------
Apr 02 01:37:14: Checking reachability status of connection...
Apr 02 01:37:14: Connection is reachable. Starting connection attempt.
The configuration file contains an unsafe command (script-security).
Could not start connection: Status failure.

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Mon Apr 03, 2017 9:35 am
Hi cwgarner,

The unsafe command is "script-security":
The configuration file contains an unsafe command (script-security).
Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs

SpookyCow

Posts: 22
Joined: Thu Oct 29, 2015 6:30 am

Post by SpookyCow » Thu Apr 13, 2017 9:46 am
Why does Viscosity consider this an unsafe command while Tunnelblick doesn't?
I mean, the script(s) only activates once you're connected to the VPN in my case, at least.

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Tue Apr 18, 2017 8:40 pm
Hi SpookyCow,

Viscosity and Tunnelblick have very different security models. Essentially Tunnelblick requires root authentication to any change to a configuration, while Viscosity requires approval for certain commands that could potentially be used for privilege escalation. For more information please see:
http://www.sparklabs.com/support/kb/art ... -detected/

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
4 posts Page 1 of 1