[Bug 3802] New: Secure forwardings, check connecting user
bugzilla-daemon at mindrot.org
Thu Mar 20 11:12:24 AEDT 2025
https://bugzilla.mindrot.org/show_bug.cgi?id=3802
Bug ID: 3802
Summary: Secure forwardings, check connecting user
Product: Portable OpenSSH
Version: 9.9p2
Hardware: Other
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: Miscellaneous
Assignee: unassigned-bugs at mindrot.org
Reporter: psz at maths.usyd.edu.au
OpenSSH tries to keep port forwardings secure, e.g. via the GatewayPorts
setting; -X may be secured with xauth, and forwarding UNIX sockets may
be safe. Still, IP forwarding is unsafe on multi-user machines: anyone
can connect to -L and -D forwardings when the ssh client machine is
multi-user, or to -R forwardings when the sshd server machine is
multi-user.
Please secure IP forwardings by checking the connecting user, ensuring
same user as that of the ssh client, or the one logged in to sshd.
These checks would be similar to, say, identd:
https://en.wikipedia.org/wiki/Ident_protocol
easy on Linux (via netlink calls or looking in /proc/net/tcp), and
probably possible on Windows and macOS. (I do not know about others.)
If it would help, I may try to provide patches for Linux.
Thanks, Paul
--
Paul Szabo psz at maths.usyd.edu.au
www.maths.usyd.edu.au/u/psz
School of Mathematics and Statistics University of Sydney
Australia
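The /proc/net/tcp lookup the report proposes, as an added illustration (not code from OpenSSH or from the reporter): given the local and peer endpoints of an accepted forwarding connection, find the row belonging to the peer's end of the connection and read its owning UID, then accept only if it matches the forwarding owner's UID. The table contents are constructed; the function names, the little-endian IPv4 layout and the IPv4-only scope are assumptions.

```python
import socket
import struct
import sys

# Constructed sample of /proc/net/tcp, little-endian layout as on x86.
# Row 0: ssh -L listener on 127.0.0.1:8080 owned by uid 1000.
# Row 1: connecting side of a connection from 127.0.0.1:41956, owned by uid 1001.
# Row 2: the accepted side of that same connection, inside the ssh process.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 21563 1 0000000000000000 100 0 0 10 0
   1: 0100007F:A3E4 0100007F:1F90 01 00000000:00000000 00:00000000 00000000  1001        0 21870 1 0000000000000000 20 4 30 10 -1
   2: 0100007F:1F90 0100007F:A3E4 01 00000000:00000000 00:00000000 00000000  1000        0 21871 1 0000000000000000 20 4 30 10 -1
"""

ESTABLISHED = "01"  # TCP state code used in the st column

def decode_endpoint(field, byteorder=sys.byteorder):
    """Turn 'HEXADDR:HEXPORT' from /proc/net/tcp into ('a.b.c.d', port).
    The kernel prints the IPv4 address as a native-order 32-bit integer,
    so the bytes must be reordered on little-endian hosts."""
    addr_hex, port_hex = field.split(":")
    packed = struct.pack("<I" if byteorder == "little" else ">I", int(addr_hex, 16))
    return socket.inet_ntoa(packed), int(port_hex, 16)

def peer_uid(table, local, peer, byteorder=sys.byteorder):
    """Return the UID owning the peer's end of an established TCP
    connection, or None. `local` and `peer` are (ip, port) tuples as seen
    from our accepted socket (getsockname() / getpeername()). The peer's
    row has our peer address as its local address and our local address
    as its remote address."""
    for line in table.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 8 or fields[3] != ESTABLISHED:
            continue
        row_local = decode_endpoint(fields[1], byteorder)
        row_remote = decode_endpoint(fields[2], byteorder)
        if row_local == peer and row_remote == local:
            return int(fields[7])
    return None

def connection_permitted(table, local, peer, owner_uid, byteorder=sys.byteorder):
    """Accept only if the connecting process runs as the same user that
    owns the forwarding (the ssh client user). Unknown peer => reject."""
    uid = peer_uid(table, local, peer, byteorder)
    return uid is not None and uid == owner_uid
```

On a live system the table would be read from /proc/net/tcp (and /proc/net/tcp6 for IPv6) immediately after accept(), and the check is only meaningful for connections whose peer is on the same host.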