[PATCH] Make "-L" local ports bind to "127.0.0.1" in openssh-2.9p1

David Terrell dbt at meat.net
Thu Jun 7 18:53:11 EST 2001


On Sat, Jun 09, 2001 at 07:48:06PM -0400, Albert John FitzPatrick III wrote:
> +	 * Oh yeah?  Setting hostname to NULL and hints.ai_flags to
> +	 * AI_PASSIVE on Red Hat Linux release 6.0 (Hedwig) with
> +	 * Linux kernel 2.2.14 does no such thing.  On that system
> +	 * "::" and "0.0.0.0" (and maybe one other value which slips
> +	 * my memory) are returned.  Setting hostname to "127.0.0.1"
> +	 * does the trick, at least for IPv4 uses; I don't know what
> +	 * it does for IPv6.  Without this hack, local ("-L") tunnel
> +	 * end-points (which are supposed to be private unless "-g"
> +	 * or "-o 'GatewayPorts yes'" is specified when "ssh" is
> +	 * started) are [ab]usable by any host which has a route
> +	 * to/from the this host.
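
Review bot: The comment leaves IPv6 unresolved ("I don't know what it does for IPv6"), and a hard-coded hostname of "127.0.0.1" can only produce an IPv4 listener, so the change should either say that IPv6 local forwards are not covered or handle them. The lookup described here sets hints.ai_flags to AI_PASSIVE with a NULL hostname. The RFC 2553 text quoted in the reply ties the loopback result to AI_PASSIVE not being set, so leaving that flag clear when neither "-g" nor "GatewayPorts yes" is given would be a smaller change than naming an address literal. The comment itself should be tightened before merging: drop "Oh yeah?", name or remove the "one other value which slips my memory", and fix "the this host".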

Perhaps you should point your operating system vendor (or whomever they
get their libc from) at RFC 2553:

   If the AI_PASSIVE bit is not set in the ai_flags member of the hints
   structure, then the returned socket address structure will be ready
   for a call to connect() (for a connection-oriented protocol) or
   either connect(), sendto(), or sendmsg() (for a connectionless
   protocol).  In this case, if the nodename argument is a NULL pointer,
   then the IP address portion of the socket address structure will be
   set to the loopback address.

-- 
David Terrell            | "... a grandiose, wasteful drug war that will never
dbt at meat.net             | be won as long as so many Americans need to 
Nebcorp Prime Minister   | anesthetize themselves to get through the day." 
http://wwn.nebcorp.com/  |  -Camille Paglia
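
The getaddrinfo() behaviour in the RFC 2553 passage quoted above can be checked against a given libc with the following added example, which is not part of the original message or of OpenSSH. The names `listen_addr_counts` and `gateway_ports` and the port 8022 are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

struct addr_counts { int loopback, wildcard, other; };

/* Classify one returned address as loopback, wildcard or anything else. */
static void classify(const struct sockaddr *sa, struct addr_counts *c)
{
    if (sa->sa_family == AF_INET) {
        in_addr_t a = ntohl(((const struct sockaddr_in *)sa)->sin_addr.s_addr);
        if (a == INADDR_ANY) { c->wildcard++; return; }
        if ((a >> 24) == 127) { c->loopback++; return; }
    } else if (sa->sa_family == AF_INET6) {
        const struct in6_addr *a6 = &((const struct sockaddr_in6 *)sa)->sin6_addr;
        if (IN6_IS_ADDR_UNSPECIFIED(a6)) { c->wildcard++; return; }
        if (IN6_IS_ADDR_LOOPBACK(a6)) { c->loopback++; return; }
    }
    c->other++;
}

/* gateway_ports: hypothetical stand-in for "-g"/GatewayPorts. Returns 0 or the getaddrinfo() error. */
int listen_addr_counts(int gateway_ports, struct addr_counts *out)
{
    struct addrinfo hints, *res, *ai;
    int rc;
    memset(out, 0, sizeof(*out));
    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_UNSPEC;                      /* ask for IPv4 and IPv6 */
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = gateway_ports ? AI_PASSIVE : 0;  /* the only difference */
    rc = getaddrinfo(NULL, "8022", &hints, &res);     /* 8022: constructed port */
    if (rc != 0) return rc;
    for (ai = res; ai != NULL; ai = ai->ai_next)
        classify(ai->ai_addr, out);
    freeaddrinfo(res);
    return 0;
}

int main(void)
{
    struct addr_counts c;
    for (int g = 0; g <= 1 && listen_addr_counts(g, &c) == 0; g++)
        printf("gateway_ports=%d loopback=%d wildcard=%d other=%d\n",
               g, c.loopback, c.wildcard, c.other);
    return 0;
}
```

On a libc that follows the quoted text, the `gateway_ports=0` line reports only loopback addresses. A nonzero wildcard or other count on that line means a listener bound from those results would be reachable from other hosts.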



More information about the openssh-unix-dev mailing list