[Bug 2625] Support Capabilities for ssh client port forwarding

bugzilla-daemon at bugzilla.mindrot.org
Mon Oct 24 10:50:44 AEDT 2016


https://bugzilla.mindrot.org/show_bug.cgi?id=2625

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at zip.com.au

--- Comment #1 from Darren Tucker <dtucker at zip.com.au> ---
Comment on attachment 2880
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2880
Don't require a root if there is CAP_NET_BIND_SERVICE

I'm ok with doing something like this but the patch currently needs
some work:
 - unconditionally linking against libcap will break every other
platform that doesn't have it.  Ditto the actual function calls.
 - putting the libcap interface code inline in readconf.c will make
maintenance of that file harder as future changes need to be pulled in,
and that file changes a lot.
 - there is the equivalent check in sshd, which this code does not
address.

I've started by factoring this check out into its own function:
https://anongit.mindrot.org/openssh.git/commit/?id=1c4ef0b808d3d38232aeeb1cebb7e9a43def42c5

From there we need to add the appropriate configure time
--with-capabilities flag and add the code inside #ifdef
USE_CAPABILITIES inside misc.c:bind_permitted().

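A sketch of the structure the comment above asks for, added here as an illustration and not taken from the OpenSSH tree or from the attachment: the libcap calls sit behind `#ifdef USE_CAPABILITIES`, so a build without the flag neither includes nor links libcap. The `bind_permitted(int port, uid_t uid)` signature and the `have_net_bind_cap()` helper are assumptions made for this example.

```c
#include <sys/types.h>
#include <netinet/in.h>		/* IPPORT_RESERVED */
#include <stdio.h>

#ifdef USE_CAPABILITIES
#include <sys/capability.h>	/* libcap, only when configure enabled it */

/* Hypothetical helper: 1 if CAP_NET_BIND_SERVICE is in the effective set. */
static int
have_net_bind_cap(void)
{
	cap_t caps;
	cap_flag_value_t v = CAP_CLEAR;
	int ok = 0;

	if ((caps = cap_get_proc()) == NULL)
		return 0;	/* fail closed if the capability set is unreadable */
	if (cap_get_flag(caps, CAP_NET_BIND_SERVICE, CAP_EFFECTIVE, &v) == 0)
		ok = (v == CAP_SET);
	cap_free(caps);
	return ok;
}
#endif /* USE_CAPABILITIES */

/* Returns 1 if this process may bind the given port, 0 otherwise. */
int
bind_permitted(int port, uid_t uid)
{
	/* Unprivileged ports and root are always allowed. */
	if (port >= IPPORT_RESERVED || uid == 0)
		return 1;
#ifdef USE_CAPABILITIES
	/* Non-root, privileged port: allow only with the capability. */
	if (have_net_bind_cap())
		return 1;
#endif
	return 0;
}

int
main(void)
{
	/* Constructed sample inputs: port 80 and 8080 for uid 1000. */
	printf("80/uid1000: %d\n", bind_permitted(80, (uid_t)1000));
	printf("8080/uid1000: %d\n", bind_permitted(8080, (uid_t)1000));
	return 0;
}
```

Built without `-DUSE_CAPABILITIES`, this behaves as a plain root check; with the define it must be linked against `-lcap`.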