
security: filter 'plugin' directive in OpenVPN config to prevent LPE #314

Merged
bernerdad merged 1 commit into Windscribe:master from MichaelSovereign:fix/lpe-plugin-injection
Apr 13, 2026

@MichaelSovereign
Contributor

Summary

This PR fixes a critical local privilege escalation (LPE) vulnerability (Issue #313) where an unprivileged user can execute arbitrary code as root by injecting an OpenVPN plugin directive into the configuration.

Changes

  • Helper (Linux/macOS): Added plugin to the list of blocked directives in writeOVPNFile(). This prevents the privileged helper from writing a malicious plugin path to the final OpenVPN config.
  • Client: Added plugin to kUnsafeCommands in ExtraConfig::isLegalOpenVpnCommand(). This prevents the client from accepting the directive from windscribe_extra.conf.

Impact

Prevents local users from escalating to root via malicious shared objects loaded by OpenVPN.
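
The kind of directive filter the description above refers to, as an added example that is not part of the PR and not Windscribe's code. It assumes a simplified version of how OpenVPN reads a config line (leading whitespace, an optional `--` prefix and quotes around the first token are ignored); `directiveName`, `filterConfig` and the contents of `kBlocked` are hypothetical.

```cpp
// Added illustration, not Windscribe's code; all names here are hypothetical.
#include <cctype>
#include <iostream>
#include <set>
#include <sstream>
#include <string>
#include <vector>

// Illustrative blocklist: "plugin" is the directive named in the PR; "up" and
// "down" are other real OpenVPN directives that run external code.
static const std::set<std::string> kBlocked = {"plugin", "up", "down"};

// Directive name of one config line after simplified normalisation (assumption:
// modelled on OpenVPN's reader): leading whitespace skipped, quotes around the
// first token and an optional "--" prefix dropped. "" for blanks and comments.
std::string directiveName(const std::string &line) {
    size_t i = 0;
    while (i < line.size() && std::isspace(static_cast<unsigned char>(line[i]))) ++i;
    if (i == line.size() || line[i] == '#' || line[i] == ';') return "";
    char quote = (line[i] == '"' || line[i] == '\'') ? line[i++] : '\0';
    size_t start = i;
    while (i < line.size() && (quote ? line[i] != quote
                                     : !std::isspace(static_cast<unsigned char>(line[i])))) ++i;
    std::string name = line.substr(start, i - start);
    if (name.size() >= 3 && name.compare(0, 2, "--") == 0) name.erase(0, 2);
    return name;
}

// Copy the config, dropping blocked directives and recording each dropped line.
std::string filterConfig(const std::string &config, std::vector<std::string> &dropped) {
    std::istringstream in(config);
    std::string line, out;
    while (std::getline(in, line)) {
        if (!line.empty() && line.back() == '\r') line.pop_back();
        if (kBlocked.count(directiveName(line))) { dropped.push_back(line); continue; }
        out += line + "\n";
    }
    return out;
}

int main() {
    // Constructed sample config; host and path are placeholders.
    const std::string cfg = "client\nremote vpn.example.test 443\n  --plugin /path/constructed.so\n";
    std::vector<std::string> dropped;
    std::cout << filterConfig(cfg, dropped);
    std::cerr << dropped.size() << " line(s) dropped\n";
    return 0;
}
```

Comparing the normalised first token, rather than matching the raw line prefix, keeps the check aligned with what the parser will actually see.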

@hett-patell

Is this meant to be public?

@MichaelSovereign
Contributor Author

@hett-patell The issue was reported publicly on this repository (Issue #313). As this is a critical security fix for a public report, a public PR is the standard procedure to address it immediately. My goal is to secure the application for all users.

@bernerdad bernerdad merged commit 892a2b0 into Windscribe:master Apr 13, 2026
@bernerdad
Collaborator

Thank you for the contribution!

@ltguillaume

What? Why is this merged?

  1. You're not using any pull requests in this repo, because it is a "mirror" of your internally used repo
  2. @yegors said this was already fixed internally ([BUG] Local Privilege Escalation to Root in Windscribe Desktop via OpenVPN Plugin Injection #313 (comment))

@bernerdad
Collaborator

So that anyone currently building from this repo has a fix for this while waiting for us to mirror the 2.22 build here.

@ltguillaume

That makes sense. Thanks!
