[Bug 2846] PermitOpen rule in sshd_config is not case insensitive

bugzilla-daemon at mindrot.org
Fri Jul 2 15:59:38 AEST 2021


https://bugzilla.mindrot.org/show_bug.cgi?id=2846

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|3302                        |

--- Comment #12 from Damien Miller <djm at mindrot.org> ---
Actually, this is really fiddly to do properly.

We can't reliably roundtrip through getaddrinfo/getnameinfo because the
PermitOpen directives may refer to addresses scoped to interfaces that
may happen not to be available at the time of sshd_config parsing (e.g.
some sort of ephemeral tunnel interface). Attempting to scrub these
addresses this way could cause them to be incorrectly rejected.

So a better heuristic would be to detect the hostname case (i.e. not
path and not address) and only lowercase those. We'd also need to do
the same to hostnames coming in for forwarding requests, subject to
similar rules.


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=3302
[Bug 3302] Tracking bug for openssh-8.7
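The heuristic from comment #12, sketched as an added example (not OpenSSH code and not part of the original message): a host string is classified as path, address or hostname without calling getaddrinfo/getnameinfo, and only hostnames are lowercased. The function and enum names are hypothetical, the host is assumed to be already split from its port, and the same routine would be applied to both the PermitOpen value and the host in an incoming forwarding request.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

enum host_kind { HOST_PATH, HOST_ADDR, HOST_NAME };	/* hypothetical names */

/* Purely syntactic: no resolver or interface lookup, so an address scoped to
 * an interface that does not exist yet is still recognised as an address. */
static enum host_kind
classify_host(const char *host)
{
	char buf[INET6_ADDRSTRLEN];
	unsigned char bin[sizeof(struct in6_addr)];
	size_t len = strcspn(host, "%");	/* length without "%scope" */

	if (strchr(host, '/') != NULL)
		return HOST_PATH;		/* socket path: case matters */
	if (inet_pton(AF_INET, host, bin) == 1)
		return HOST_ADDR;
	if (len < sizeof(buf)) {
		memcpy(buf, host, len);		/* parse IPv6 with scope removed */
		buf[len] = '\0';
		if (inet_pton(AF_INET6, buf, bin) == 1)
			return HOST_ADDR;	/* scope (interface) name untouched */
	}
	return HOST_NAME;
}

/* Lowercase in place only when the string is a hostname. */
static enum host_kind
normalize_host(char *host)
{
	enum host_kind kind = classify_host(host);

	if (kind == HOST_NAME)
		for (char *p = host; *p != '\0'; p++)
			*p = (char)tolower((unsigned char)*p);
	return kind;
}

int
main(void)
{
	/* Constructed sample values, not taken from the bug report. */
	char s[][32] = { "Example.ORG", "FE80::1%Tun0", "192.0.2.10", "/Run/App.sock" };

	for (size_t i = 0; i < sizeof(s) / sizeof(s[0]); i++)
		printf("%d %s\n", (int)normalize_host(s[i]), s[i]);
	return 0;
}
```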