[Bug 1903] bindresvport_sa() does not validate non-zero struct sockaddr * port is within intended range

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Wed Jan 23 20:00:00 AEDT 2019


https://bugzilla.mindrot.org/show_bug.cgi?id=1903

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |dtucker at dtucker.net
         Resolution|---                         |FIXED

--- Comment #2 from Darren Tucker <dtucker at dtucker.net> ---
We fixed this in a manner of speaking by removing support for running
ssh as root and binding to low-numbered ports in OpenSSH 7.8.

https://www.openssh.com/releasenotes.html#7.8 says:

"""
 * ssh(1): remove vestigial support for running ssh(1) as setuid. This
   used to be required for hostbased authentication and the (long
   gone) rhosts-style authentication, but has not been necessary for
   a long time. Attempting to execute ssh as a setuid binary, or with
   uid != effective uid will now yield a fatal error at runtime.
"""

For anyone still requiring the low-numbered port functionality for
legacy reasons we recommend a small setuid helper ProxyCommand or some
source-NAT trickery.

Thanks for the report.

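As an added illustration (not code from this bug or from OpenSSH), the range check the report's title says bindresvport_sa() was missing, written as a standalone C helper: a port of 0 is left for the library to choose, anything else must already sit inside the reserved window. The 512 lower bound is an assumption, since libcs differ on where that window starts.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>

/* Reserved-port window this check enforces. bindresvport(3) draws from
 * roughly 512..1023 on glibc and 600..1023 on some BSDs; the lower bound
 * is an assumption for this example, adjust it to match your libc. */
#define RESV_PORT_LOW  512
#define RESV_PORT_HIGH (IPPORT_RESERVED - 1)   /* 1023 */

/* Port, in host byte order, of an AF_INET or AF_INET6 sockaddr;
 * -1 for a NULL pointer or any other address family. */
int sockaddr_port(const struct sockaddr *sa)
{
    if (sa == NULL)
        return -1;
    if (sa->sa_family == AF_INET)
        return ntohs(((const struct sockaddr_in *)(const void *)sa)->sin_port);
    if (sa->sa_family == AF_INET6)
        return ntohs(((const struct sockaddr_in6 *)(const void *)sa)->sin6_port);
    return -1;
}

/* The check the report says bindresvport_sa() skipped: port 0 means
 * "choose a reserved port for me" and is accepted; any other value is
 * accepted only if it already lies inside the reserved window. */
bool resv_port_ok(const struct sockaddr *sa)
{
    int port = sockaddr_port(sa);
    if (port < 0)
        return false;
    return port == 0 || (port >= RESV_PORT_LOW && port <= RESV_PORT_HIGH);
}

/* Convenience wrapper: validate a host-order port as an IPv4 loopback
 * sockaddr, the way a caller would present it before binding. */
bool resv_port_ok_v4(unsigned short port)
{
    struct sockaddr_in sin;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_port = htons(port);
    sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    return resv_port_ok((const struct sockaddr *)&sin);
}
```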