[Bug 1256] unix domain sockets support

bugzilla-daemon at mindrot.org
Mon Oct 30 19:12:57 EST 2006


http://bugzilla.mindrot.org/show_bug.cgi?id=1256

           Summary: unix domain sockets support
           Product: Portable OpenSSH
           Version: 4.4p1
          Platform: Other
        OS/Version: All
            Status: NEW
          Keywords: patch
          Severity: enhancement
          Priority: P2
         Component: ssh
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: tneumann at users.sourceforge.net


It would be nice if ssh could forward unix domain sockets in addition
to TCP ports. The main reasons for this are better security and a nicer
namespace: If I use ssh to access a remote service (e.g. VNC), my
forward is visible to all other users on the same machine. First, this
means that some care is required to make sure that the chosen port is
still free, and second, all other users can access the remote service
using my forwarded port. This is unfortunate if the remote service has
weak or no access control.
Using unix domain sockets provides a natural namespace to avoid
collisions and allows using filesystem permissions to grant or deny
access.

There is already a patch against OpenSSH that provides unix domain
socket support

http://www.25thandclement.com/~william/projects/streamlocal.html

which might be used as a base.

(It is probably known to the OpenSSH developers, but as I could not
find a corresponding Bugzilla entry I filed an enhancement request).




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
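
Added example (not part of the original report and not OpenSSH code): a sketch of the filesystem-permission control the report asks for, which a listener on a loopback TCP port has no equivalent of. The function names, the socket name forward.sock and the temporary directory are assumptions made for illustration.

```python
import os
import socket
import stat
import tempfile


def bind_private_socket(directory, name="forward.sock"):
    """Listen on a unix domain socket that only the owning user can reach."""
    os.chmod(directory, 0o700)       # group/other cannot traverse the directory
    path = os.path.join(directory, name)
    old_umask = os.umask(0o177)      # bind() then creates the socket as 0600
    try:
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)
    finally:
        os.umask(old_umask)
    srv.listen(1)
    return srv, path


def audit_socket(path):
    """Return the permission weaknesses found on a socket and its directory."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        return ["not a socket"]
    findings = []
    if st.st_uid != os.getuid():
        findings.append("socket owned by another user")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("socket writable by group/other")
    # Some systems ignore socket file modes, so the directory is the
    # portable access control and is checked as well.
    parent = os.stat(os.path.dirname(path))
    if parent.st_mode & (stat.S_IXGRP | stat.S_IXOTH):
        findings.append("directory searchable by group/other")
    return findings


if __name__ == "__main__":
    workdir = tempfile.mkdtemp(prefix="fwd-")   # constructed sample location
    srv, path = bind_private_socket(workdir)
    print(path, oct(stat.S_IMODE(os.stat(path).st_mode)), audit_socket(path))
    os.chmod(path, 0o666)                       # simulate a lax setup
    os.chmod(workdir, 0o755)
    print(audit_socket(path))
    srv.close()
    os.unlink(path)
    os.rmdir(workdir)
```

Connecting to a unix stream socket requires write permission on the socket file on Linux, which is why the audit looks at the write bits.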


