[Bug 2625] Support Capabilities for ssh client port forwarding
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Mon Oct 24 10:50:44 AEDT 2016
https://bugzilla.mindrot.org/show_bug.cgi?id=2625
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker at zip.com.au
--- Comment #1 from Darren Tucker <dtucker at zip.com.au> ---
Comment on attachment 2880
--> https://bugzilla.mindrot.org/attachment.cgi?id=2880
Don't require a root if there is CAP_NET_BIND_SERVICE
I'm ok with doing something like this but the patch currently needs
some work:
- unconditionally linking against libcap will break every other
platform that doesn't have it. Ditto the actual function calls.
- putting the libcap interface code inline in readconf.c will make
maintenance of that file harder as future changes need to be pulled in,
and that file changes a lot.
- there is the equivalent check in sshd, which this code does not
address.
I've started by factoring this check out into its own function:
https://anongit.mindrot.org/openssh.git/commit/?id=1c4ef0b808d3d38232aeeb1cebb7e9a43def42c5
>From there we needs to add the appropriate configure time
--with-capabilities flag and add the code inside #ifdef
USE_CAPABILITIES inside misc.c:bind_permitted().
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list