[Bug 2846] PermitOpen rule in sshd_config is not case insensitive

bugzilla-daemon at bugzilla.mindrot.org
Fri Apr 6 13:32:15 AEST 2018


https://bugzilla.mindrot.org/show_bug.cgi?id=2846

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |2852
                 CC|                            |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
It would be better to compare FQDNs case-insensitively. There are some
corner cases that make implementation a bit more tricky:

The same ForwardPermission members are used for FQDNs, addresses (which
are treated as strings anyway) and Unix domain socket paths.

FQDNs are the only ones of these that should be simply compared
case-insensitively. Paths are obviously case-sensitive, but
surprisingly addresses can be too: IPv6 addresses may have an interface
scope that is case-sensitive on some platforms. See bug #2763 for an
example of this.

IMO the best way to approach this would be when we are parsing the
configuration by doing something similar to what ssh does with
hostnames.

If it's a Unix domain socket path, leave it alone.

If it looks like an address, give it a round-trip through getaddrinfo
w/AI_NUMERICHOST and getnameinfo to render it as a canonical string.

Otherwise, it's an FQDN, so lowercase it.


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2852
[Bug 2852] Tracking bug for OpenSSH 7.8 release
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
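
The three-way normalisation proposed in Comment #1, sketched as an added example; this is not OpenSSH code or the patch that was eventually committed. The function name, the enum, and the rule that a string containing '/' is a Unix domain socket path are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>

enum host_kind { HOST_PATH, HOST_ADDR, HOST_FQDN, HOST_ERR };

/* Hypothetical helper: canonicalise one permission host into out. */
enum host_kind
canon_permit_host(const char *in, char *out, size_t outlen)
{
	struct addrinfo hints, *ai = NULL;
	size_t i, len = strlen(in);

	if (len == 0 || len >= outlen)
		return HOST_ERR;
	/* Assumption: anything containing '/' is a socket path; keep as-is. */
	if (strchr(in, '/') != NULL) {
		memcpy(out, in, len + 1);
		return HOST_PATH;
	}
	/* Numeric address: parse without DNS, then render canonically. */
	memset(&hints, 0, sizeof(hints));
	hints.ai_family = AF_UNSPEC;
	hints.ai_socktype = SOCK_STREAM;
	hints.ai_flags = AI_NUMERICHOST;
	if (getaddrinfo(in, NULL, &hints, &ai) == 0) {
		int r = getnameinfo(ai->ai_addr, ai->ai_addrlen, out,
		    (socklen_t)outlen, NULL, 0, NI_NUMERICHOST);
		freeaddrinfo(ai);
		return r == 0 ? HOST_ADDR : HOST_ERR;
	}
	/* Otherwise an FQDN: lowercase ASCII only, independent of locale. */
	for (i = 0; i < len; i++)
		out[i] = (in[i] >= 'A' && in[i] <= 'Z') ? (char)(in[i] + 32) : in[i];
	out[len] = '\0';
	return HOST_FQDN;
}

int
main(void)
{
	/* Constructed sample inputs. */
	const char *t[] = { "Example.COM", "2001:DB8::1", "/Var/Run/App.sock" };
	char buf[256];
	for (size_t i = 0; i < 3; i++)
		if (canon_permit_host(t[i], buf, sizeof(buf)) != HOST_ERR)
			printf("%s -> %s\n", t[i], buf);
	return 0;
}
```

Applying the same function to the configured pattern and to the requested destination lets the later comparison remain an exact string match.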

