[Bug 3686] Remote-forwarding of Unix socket not possible with `AllowStreamLocalForwarding remote` but `AllowTcpForwarding no`
bugzilla-daemon at mindrot.org
Wed Oct 1 00:18:10 AEST 2025
https://bugzilla.mindrot.org/show_bug.cgi?id=3686
bugs-openssh at antipoul.fr changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |bugs-openssh at antipoul.fr
--- Comment #1 from bugs-openssh at antipoul.fr ---
It's still happening in 9.6p1 at least.
I don't understand the permission logic, but it seems bogus.
In
https://github.com/openssh/openssh-portable/blob/master/channels.c#L4933
the function channel_connect_to_path checks permissions to see if
(path, PORT_STREAMLOCAL) is allowed, using open_match().
But open_match
(https://github.com/openssh/openssh-portable/blob/master/channels.c#L4413)
checks against port_to_connect, which is always -2 for a Unix socket
(https://github.com/openssh/openssh-portable/blob/master/misc.h#L155).
Of course it's not possible to specify a negative port number in the
PermitOpen directive (see
https://github.com/openssh/openssh-portable/blob/2c504a74ed81d13c8198a89ed1040d0fc5f73129/misc.c#L2053),
nor a path as a hostname.
I didn't dig into every detail, but it seems that without
AllowTcpForwarding, AllowStreamLocalForwarding is useless. This could
be fixed by either:
- Mentioning in the documentation that AllowTcpForwarding is required
- Adding parsing for sockets in PermitListen and PermitOpen (which
would be the best ;) )
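An added example (not part of the bug report or of OpenSSH) for administrators who want to catch the combination described above in their own configuration: a small POSIX sh audit that reads an sshd_config and warns when AllowStreamLocalForwarding is enabled while AllowTcpForwarding is "no". It assumes the documented sshd rule that the first occurrence of a keyword wins, and it only looks at keywords before the first Match block; the sample config at the end is constructed.

```shell
#!/bin/sh
# Added example, not OpenSSH code: audit sshd_config for the combination
# reported in bug 3686 (AllowStreamLocalForwarding enabled, AllowTcpForwarding no).
# Assumptions: first occurrence of a keyword wins (sshd behaviour for plain
# keywords); Match blocks are not evaluated, parsing stops at the first one.

# sshd_effective_value FILE KEYWORD DEFAULT
# Prints the lower-cased first value of KEYWORD found before any Match block,
# or DEFAULT when the keyword is not set. Comments and "Key=value" are handled.
sshd_effective_value() {
    file=$1 key=$2 default=$3
    val=$(awk -v key="$key" '
        { sub(/#.*/, ""); gsub(/=/, " ") }                 # strip comments, allow Key=value
        tolower($1) == "match" { exit }                    # stop at first Match block
        tolower($1) == tolower(key) && NF >= 2 { print tolower($2); exit }
    ' "$file")
    printf '%s\n' "${val:-$default}"
}

# sshd_check_streamlocal FILE
# Returns 0 when Unix-socket forwarding can work, 1 when it is enabled but
# AllowTcpForwarding no will make sshd refuse it (the situation in this bug).
# Defaults follow sshd_config(5): both directives default to "yes".
sshd_check_streamlocal() {
    tcp=$(sshd_effective_value "$1" AllowTcpForwarding yes)
    sl=$(sshd_effective_value "$1" AllowStreamLocalForwarding yes)
    if [ "$tcp" = no ] && [ "$sl" != no ]; then
        echo "WARN: AllowStreamLocalForwarding $sl but AllowTcpForwarding no:" \
             "Unix-socket forwarding will be refused (see bug 3686)" >&2
        return 1
    fi
    return 0
}

# sshd_demo_config FILE
# Writes a constructed sample config reproducing the reported combination.
sshd_demo_config() {
    cat > "$1" <<'EOF'
# constructed sample, not a real host configuration
Port 22
AllowTcpForwarding no
AllowStreamLocalForwarding remote
Match User deploy
    AllowTcpForwarding yes
EOF
}

# On a live host: sshd_check_streamlocal /etc/ssh/sshd_config
```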