[Bug 1295] [PATCH] Transparent proxy support on Linux

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Mar 16 00:56:52 EST 2007


http://bugzilla.mindrot.org/show_bug.cgi?id=1295





------- Comment #6 from dtucker at zip.com.au  2007-03-16 00:56 -------
(In reply to comment #5)
> Nice idea, but why does this need to be in ssh (which would need to
> then run as root)

It doesn't necessarily need to run as root.

On Linux, it doesn't require any privilege at all.

On OpenBSD, it needs write access to /dev/pf (I asked the pf guys if
there was another way to do it but there wasn't).  You could make it
setgid, and you could mitigate by opening /dev/pf early then revoking
privileges and keeping the descriptor open.

> and not some little "nat-to-socks" tool, or just as a
> mode to netcat? That way it would not bloat ssh, and could also be
> used to automatically Tor-ify applications.

Now that might be worth investigating.  I looked for such a tool but
didn't find one (not that it means it doesn't exist, just that I didn't
find it).




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

