[Bug 1295] [PATCH] Transparent proxy support on Linux
bugzilla-daemon at mindrot.org
Fri Mar 16 00:56:52 EST 2007
http://bugzilla.mindrot.org/show_bug.cgi?id=1295
------- Comment #6 from dtucker at zip.com.au 2007-03-16 00:56 -------
(In reply to comment #5)
> Nice idea, but why does this need to be in ssh (which would need to
> then run as root)
It doesn't necessarily need to run as root.
On Linux, it doesn't require any privilege at all.
On OpenBSD, it needs write access to /dev/pf (I asked the pf guys if
there was another way to do it but there wasn't). You could make it
setgid, and you could mitigate by opening /dev/pf early then revoking
privileges and keeping the descriptor open.
> and not some little "nat-to-socks" tool, or just as a
> mode to netcat? That way it would not bloat ssh, and could also be
> used to automatically Tor-ify applications.
Now that might be worth investigating. I looked for such a tool but
didn't find one (not that it means it doesn't exist, just that I didn't
find it).
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.