[TriLUG] NetExtender VPN Client on Linux leaves resolv.conf clobbered

[Brian via TriLUG]

On 8/17/20 5:57 PM, Thomas Delrue wrote:
> On 8/17/20 10:10 AM, Brian via TriLUG wrote:
> If 'his' software changes it, it is his responsibility to change it back
> when done.

That's kind of what I was thinking.  This tech guy would not accept 
that, insisting that the software was fine.  I sort of suspect that 
their secret orders are when handling a call for a Linux client, put on 
a good show and then insist it's the user's computer's fault.

>> In the mean time, I've just written a script that copies the original to
>> a safe place and then copies it back after NetExtender exits, but I
>> shouldn't have to do that (and it requires privilege escalation)...
> 
> Based on the product behavior's description, so does activating and
> deactivating the VPN - as it requires the ability to change that file.

I'm assuming it must have some setuid behavior, as I don't have to sudo 
the client (but I have to sudo the cp to copy the old resolv.conf back 
in place).  The details are already hazy, but I expect I had to run some 
installer as root.

Ah well.  Neither I nor the head of IT at the company think of SonicWall 
as the first choice for a VPN solution, but this setup predates either 
of us and change is often not worth the growing pains if it mostly 
works.  I'm the only one in the company accessing the VPN from a linux 
software client, so I don't expect much...

Thanks for the knowledge!

-Brian