[Bug 1256] unix domain sockets support
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Mon Oct 30 19:12:57 EST 2006
http://bugzilla.mindrot.org/show_bug.cgi?id=1256
Summary: unix domain sockets support
Product: Portable OpenSSH
Version: 4.4p1
Platform: Other
OS/Version: All
Status: NEW
Keywords: patch
Severity: enhancement
Priority: P2
Component: ssh
AssignedTo: bitbucket at mindrot.org
ReportedBy: tneumann at users.sourceforge.net
It would be nice if ssh could forward unix domain sockets in addition
to TCP ports. The main reasons for this are better security and a nicer
namespace: If I use ssh to access a remote service (e.g. VNC), my
forward is visible to all other users on the same machine. First, this
means that some care is required to make sure that the choosen port is
still free, and second, all other users can access the remote service
using my forwarded port. This is unfortunate if the remote services has
a weak or no access control.
Using unix domain sockets provides as natural namespace to avoid
collisions and allows using filesystem permissions to grant or deny
access.
There is already a patch against OpenSSH that provides unix domain
socket support
http://www.25thandclement.com/~william/projects/streamlocal.html
which might be used as a base.
(It is probably known to the OpenSSH developers, but as I could not
find an corresponding Bugzilla entry I filed an enhancement request).
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list