From be9150b693345134142d1d58fac9b251d7e7ba5d Mon Sep 17 00:00:00 2001
From: james <james@e7ae566f-a301-0410-adde-c780ea21d3b5>
Date: Wed, 5 Apr 2006 06:57:31 +0000
Subject: Added man page entry for --setenv-safe.

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@989 e7ae566f-a301-0410-adde-c780ea21d3b5
---
 openvpn.8 | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'openvpn.8')

diff --git a/openvpn.8 b/openvpn.8
index 6b3711b..e87609d 100644
--- a/openvpn.8
+++ b/openvpn.8
@@ -251,6 +251,7 @@ openvpn \- secure IP tunnel daemon.
 [\ \fB\-\-server\fR\ \fInetwork\ netmask\fR\ ]
 [\ \fB\-\-service\fR\ \fIexit\-event\ [0|1]\fR\ ]
 [\ \fB\-\-setenv\fR\ \fIname\ value\fR\ ]
+[\ \fB\-\-setenv\-safe\fR\ \fIname\ value\fR\ ]
 [\ \fB\-\-shaper\fR\ \fIn\fR\ ]
 [\ \fB\-\-show\-adapters\fR\ ]
 [\ \fB\-\-show\-ciphers\fR\ ]
@@ -1812,6 +1813,17 @@ Set a custom environmental variable
 to pass to script.
 .\"*********************************************************
 .TP
+.B --setenv-safe name value
+Set a custom environmental variable
+.B OPENVPN_name=value
+to pass to script.
+
+This directive is designed to be pushed by the server to clients,
+and the prepending of "OPENVPN_" to the environmental variable
+is a safety precaution to prevent a LD_PRELOAD style attack
+from a malicious or compromised server.
+.\"*********************************************************
+.TP
 .B --disable-occ
 Don't output a warning message if option inconsistencies are detected between
 peers.  An example of an option inconsistency would be where one peer uses
-- 
cgit v1.2.3