[PATCH]: Remove HAVE_CYGWIN in favor of NO_IPPORT_RESERVED_CONCEPT
Corinna Vinschen
vinschen at redhat.com
Thu Jul 4 19:27:10 EST 2002
Hi,
I've sent that patch once already but it seems more or less forgotten
in the tumultuous days of the latest vulnerability.
It adds a new define NO_IPPORT_RESERVED_CONCEPT which can be defined
on platforms not supporting the concept of "privileged" ports only
accessible by privileged users but which allow everyone to use these
ports.
This patch removes some Cygwin dependencies from the code.
Otherwise, if this patch isn't applied, we definitely need another
#ifndef HAVE_CYGWIN in serverloop.c, otherwise server-side port forwarding
for reserved ports doesn't work in Cygwin's 3.4 version. The official
Cygwin release of 3.4 contains that additional HAVE_CYGWIN patch so far.
Corinna
Index: acconfig.h
===================================================================
RCS file: /cvs/openssh_cvs/acconfig.h,v
retrieving revision 1.141
diff -u -p -r1.141 acconfig.h
--- acconfig.h 25 Jun 2002 22:35:16 -0000 1.141
+++ acconfig.h 4 Jul 2002 09:13:29 -0000
@@ -310,6 +310,9 @@
/* Define if X11 doesn't support AF_UNIX sockets on that system */
#undef NO_X11_UNIX_SOCKETS
+/* Define if the concept of ports only accessible to superusers isn't known */
+#undef NO_IPPORT_RESERVED_CONCEPT
+
/* Needed for SCO and NeXT */
#undef BROKEN_SAVED_UIDS
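Review bot: the comment on the new NO_IPPORT_RESERVED_CONCEPT entry describes the platform but not the effect of defining it. Because the macro compiles out the root-only checks on ports below IPPORT_RESERVED in readconf.c and serverloop.c, the comment should say so, for example "Define if unprivileged users may bind ports below IPPORT_RESERVED; disables the root-only port forwarding checks", so that a porter enabling it knows an access check is being removed.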
Index: configure.ac
===================================================================
RCS file: /cvs/openssh_cvs/configure.ac,v
retrieving revision 1.73
diff -u -p -r1.73 configure.ac
--- configure.ac 28 Jun 2002 00:37:33 -0000 1.73
+++ configure.ac 4 Jul 2002 09:13:30 -0000
@@ -86,6 +86,7 @@ case "$host" in
AC_DEFINE(IPV4_DEFAULT)
AC_DEFINE(IP_TOS_IS_BROKEN)
AC_DEFINE(NO_X11_UNIX_SOCKETS)
+ AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
AC_DEFINE(BROKEN_FD_PASSING)
AC_DEFINE(SETGROUPS_NOOP)
;;
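Review bot: AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT) is set purely by host match in this case branch, with no probe of how the platform actually treats low ports. That is consistent with the neighbouring defines, but this one switches off a privilege check, so a short comment in the branch explaining why the host qualifies would help. The branch pattern itself is outside the shown context; confirm it covers only the intended host.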
Index: readconf.c
===================================================================
RCS file: /cvs/openssh_cvs/readconf.c,v
retrieving revision 1.75
diff -u -p -r1.75 readconf.c
--- readconf.c 21 Jun 2002 00:41:52 -0000 1.75
+++ readconf.c 4 Jul 2002 09:13:31 -0000
@@ -199,7 +199,7 @@ add_local_forward(Options *options, u_sh
u_short host_port)
{
Forward *fwd;
-#ifndef HAVE_CYGWIN
+#ifndef NO_IPPORT_RESERVED_CONCEPT
extern uid_t original_real_uid;
if (port < IPPORT_RESERVED && original_real_uid != 0)
fatal("Privileged ports can only be forwarded by root.");
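Review bot: with the guard renamed in add_local_forward(), the "port < IPPORT_RESERVED && original_real_uid != 0" check now disappears on every platform that defines NO_IPPORT_RESERVED_CONCEPT, not only on Cygwin, and nothing at the #ifndef says why. Add a one-line comment there stating that the platform lets any user bind these ports, so the client-side refusal would be meaningless. The matching #endif is outside the shown context; check that it still closes directly after the fatal() call so no other part of the function becomes conditional.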
Index: serverloop.c
===================================================================
RCS file: /cvs/openssh_cvs/serverloop.c,v
retrieving revision 1.102
diff -u -p -r1.102 serverloop.c
--- serverloop.c 25 Jun 2002 23:17:37 -0000 1.102
+++ serverloop.c 4 Jul 2002 09:13:34 -0000
@@ -972,8 +972,11 @@ server_input_global_request(int type, u_
/* check permissions */
if (!options.allow_tcp_forwarding ||
- no_port_forwarding_flag ||
- (listen_port < IPPORT_RESERVED && pw->pw_uid != 0)) {
+ no_port_forwarding_flag
+#ifndef NO_IPPORT_RESERVED_CONCEPT
+ || (listen_port < IPPORT_RESERVED && pw->pw_uid != 0)
+#endif
+ ) {
success = 0;
packet_send_debug("Server has disabled port forwarding.");
} else {
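Review bot: the #ifndef/#endif spliced into the middle of the if condition in server_input_global_request(), with the closing ") {" left on a line of its own, makes the permission check hard to read and easy to break in a later edit. Consider evaluating the reserved-port test into a local flag before the if (fixed at 0 when NO_IPPORT_RESERVED_CONCEPT is defined) so the condition stays one uninterrupted expression. With the macro defined, the only remaining gates on a remote listen port below IPPORT_RESERVED are options.allow_tcp_forwarding and no_port_forwarding_flag, which is worth stating in a comment next to the check.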
--
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:vinschen at redhat.com