disable install of helper files in anything other than bundle
Currently, the bundle has a possible path of privileged execution of arbitrary code. An attacker who is able to write to the (user-owned) path from which the helper installs some files to a root-owned location is able to replace openvpn and the policy file with anything, which will then be executed with root privileges.
To minimize the possibility of writing malicious code to system paths, we could:
- disable the possibility of installing helper files by default. Only enable this by using a flag that we change in the bundle.
- refuse to install the polkit file if it's already there (the case of the bundle running on a system that already has bitmask installed; rare, but could happen)
- try to run system openvpn first, if installed, and encourage bundle users to install openvpn as a prerequisite from the distribution.
Besides this, I think we should change the "helper files needed" dialog to stress that you should not see that if you've not messed with the files.
(from redmine: created on 2014-05-08, closed on 2014-06-26, relates #5634 (closed), relates #5626 (closed), relates #5592 (closed), relates #5651 (closed), precedes #5838 (closed))
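
The three proposals above, combined into a single install decision. This is an added sketch, not code from the Bitmask project: the function name, the `allow_install` flag and the paths used in the demo are assumptions made for illustration.

```python
import os
import tempfile

def plan_helper_install(allow_install, polkit_path, system_openvpn):
    """Decide what the helper may copy to root-owned locations.

    allow_install  -- hypothetical flag: False by default, True only in the bundle
    polkit_path    -- destination of the polkit policy file
    system_openvpn -- path where the distribution's openvpn would live
    Returns {"openvpn": path | "bundled" | None, "install": [...], "notes": [...]}.
    """
    plan = {"openvpn": None, "install": [], "notes": []}

    # Try the system openvpn first; nothing is copied in that case.
    if os.path.isfile(system_openvpn):
        plan["openvpn"] = system_openvpn
    elif allow_install:
        plan["openvpn"] = "bundled"
        plan["install"].append("openvpn")
    else:
        plan["notes"].append("no system openvpn; install it from the distribution")

    # Never overwrite an existing polkit file; install one only with the flag.
    if os.path.lexists(polkit_path):
        plan["notes"].append("polkit file already present; left untouched")
    elif allow_install:
        plan["install"].append("polkit")
    else:
        plan["notes"].append("helper install disabled (not a bundle)")
    return plan

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # constructed fixture paths
        vpn = os.path.join(d, "openvpn")
        pol = os.path.join(d, "example.policy")
        print(plan_helper_install(False, pol, vpn))  # non-bundle: installs nothing
        print(plan_helper_install(True, pol, vpn))   # bundle on a clean system
        open(pol, "w").close()
        print(plan_helper_install(True, pol, vpn))   # polkit file already there
```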