[PATCH]: Remove HAVE_CYGWIN in favor of NO_IPPORT_RESERVED_CONCEPT

Ben Lindstrom mouring at etoh.eviladmin.org
Tue Jul 9 23:55:15 EST 2002


Applied.

It's been in my mailbox, but when you have 161 messages that all need some
form of attention, things are slowly done if they are not in my direct line
of view.

- Ben

On Tue, 9 Jul 2002, Corinna Vinschen wrote:

> Hi,
>
> may I ask what's about this one?  As I said, if it's unacceptable
> to use something like NO_IPPORT_RESERVED_CONCEPT, we need at least
> a HAVE_CYGWIN in serverloop.c which is currently missing.
>
> Corinna
>
>
> On Thu, Jul 04, 2002 at 11:27:10AM +0200, Corinna Vinschen wrote:
> > Hi,
> >
> > I've sent that patch once already but it seems more or less forgotten
> > in the tumultuous days of the latest vulnerability.
> >
> > It adds a new define NO_IPPORT_RESERVED_CONCEPT which can be defined
> > on platforms not supporting the concept of "privileged" ports only
> > accessible by privileged users but which allow everyone to use these
> > ports.
> >
> > This patch removes some Cygwin dependencies from the code.
> >
> > Otherwise, if this patch isn't applied, we definitely need another
> > #ifndef HAVE_CYGWIN in serverloop.c otherwise serverside port forwarding
> > for reserved ports doesn't work in Cygwin's 3.4 version.  The official
> > Cygwin release of 3.4 contains that additional HAVE_CYGWIN patch so far.
> >
> > Corinna
> >
> >
> > Index: acconfig.h
> > ===================================================================
> > RCS file: /cvs/openssh_cvs/acconfig.h,v
> > retrieving revision 1.141
> > diff -u -p -r1.141 acconfig.h
> > --- acconfig.h	25 Jun 2002 22:35:16 -0000	1.141
> > +++ acconfig.h	4 Jul 2002 09:13:29 -0000
> > @@ -310,6 +310,9 @@
> >  /* Define if X11 doesn't support AF_UNIX sockets on that system */
> >  #undef NO_X11_UNIX_SOCKETS
> >
> > +/* Define if the concept of ports only accessible to superusers isn't known */
> > +#undef NO_IPPORT_RESERVED_CONCEPT
> > +
> >  /* Needed for SCO and NeXT */
> >  #undef BROKEN_SAVED_UIDS
> >
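
Review bot: the comment on the new `#undef NO_IPPORT_RESERVED_CONCEPT` says when to define the macro but not what defining it does. The readconf.c and serverloop.c hunks use it to compile out the root-only checks on ports below IPPORT_RESERVED, so the comment should say that as well, for example "Define if any user may bind ports below IPPORT_RESERVED; disables the root-only forwarding checks". That way a porter does not enable it without realising it removes a permission check.
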
> > Index: configure.ac
> > ===================================================================
> > RCS file: /cvs/openssh_cvs/configure.ac,v
> > retrieving revision 1.73
> > diff -u -p -r1.73 configure.ac
> > --- configure.ac	28 Jun 2002 00:37:33 -0000	1.73
> > +++ configure.ac	4 Jul 2002 09:13:30 -0000
> > @@ -86,6 +86,7 @@ case "$host" in
> >  	AC_DEFINE(IPV4_DEFAULT)
> >  	AC_DEFINE(IP_TOS_IS_BROKEN)
> >  	AC_DEFINE(NO_X11_UNIX_SOCKETS)
> > +	AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
> >  	AC_DEFINE(BROKEN_FD_PASSING)
> >  	AC_DEFINE(SETGROUPS_NOOP)
> >  	;;
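
Review bot: the added `AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)` is set unconditionally for this host branch, and the visible context does not show which host pattern the branch matches. Because the define removes a permission check in both readconf.c and serverloop.c, please confirm the branch is the Cygwin one only and is not shared with a host pattern where privileged ports do exist.
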
> > Index: readconf.c
> > ===================================================================
> > RCS file: /cvs/openssh_cvs/readconf.c,v
> > retrieving revision 1.75
> > diff -u -p -r1.75 readconf.c
> > --- readconf.c	21 Jun 2002 00:41:52 -0000	1.75
> > +++ readconf.c	4 Jul 2002 09:13:31 -0000
> > @@ -199,7 +199,7 @@ add_local_forward(Options *options, u_sh
> >  		  u_short host_port)
> >  {
> >  	Forward *fwd;
> > -#ifndef HAVE_CYGWIN
> > +#ifndef NO_IPPORT_RESERVED_CONCEPT
> >  	extern uid_t original_real_uid;
> >  	if (port < IPPORT_RESERVED && original_real_uid != 0)
> >  		fatal("Privileged ports can only be forwarded by root.");
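
Review bot: in add_local_forward() the renamed guard `#ifndef NO_IPPORT_RESERVED_CONCEPT` now drops the "Privileged ports can only be forwarded by root." check for every platform that defines the macro, and nothing at the site says why. A one-line comment above the #ifndef, stating that the check is skipped because the platform lets any user bind ports below IPPORT_RESERVED, would keep this from reading as an accidental bypass.
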
> > Index: serverloop.c
> > ===================================================================
> > RCS file: /cvs/openssh_cvs/serverloop.c,v
> > retrieving revision 1.102
> > diff -u -p -r1.102 serverloop.c
> > --- serverloop.c	25 Jun 2002 23:17:37 -0000	1.102
> > +++ serverloop.c	4 Jul 2002 09:13:34 -0000
> > @@ -972,8 +972,11 @@ server_input_global_request(int type, u_
> >
> >  		/* check permissions */
> >  		if (!options.allow_tcp_forwarding ||
> > -		    no_port_forwarding_flag ||
> > -		    (listen_port < IPPORT_RESERVED && pw->pw_uid != 0)) {
> > +		    no_port_forwarding_flag
> > +#ifndef NO_IPPORT_RESERVED_CONCEPT
> > +		    || (listen_port < IPPORT_RESERVED && pw->pw_uid != 0)
> > +#endif
> > +		   ) {
> >  			success = 0;
> >  			packet_send_debug("Server has disabled port forwarding.");
> >  		} else {
> >
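
Review bot: splicing `#ifndef NO_IPPORT_RESERVED_CONCEPT` ... `#endif` into the middle of the if condition in server_input_global_request(), with the `||` moved to the start of the guarded line and the closing `) {` left on a line of its own, makes this permission check easy to break in a later edit. Consider defining the privileged-port test once (a macro or small helper that evaluates to 0 when NO_IPPORT_RESERVED_CONCEPT is defined) and using it both here and in readconf.c, so the condition stays a single expression with no preprocessor lines inside it.
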
> > --
> > Corinna Vinschen
> > Cygwin Developer
> > Red Hat, Inc.
> > mailto:vinschen at redhat.com
> > _______________________________________________
> > openssh-unix-dev at mindrot.org mailing list
> > http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>
> --
> Corinna Vinschen
> Cygwin Developer
> Red Hat, Inc.
> mailto:vinschen at redhat.com
>



