socks5 support

Ben Lindstrom mouring at etoh.eviladmin.org
Sun May 12 09:04:03 EST 2002


The only problem with ProxyCommand and socks{4,4a,5} is the fact that
DNS is not being handled at the right time.  Which is what the 4a and 5
patches are doing.  Doing DNS out of band in socks 4a/5 can be a security
risk.  At least a bit of information leakage.

Not saying that I agree with his socks5 patch. Just ProxyCommand just won't
cut it unless......

I don't know the ProxyCommand code offhand, but what would be the chances
that one could do a simple modification to have all DNS lookups
passed to the 'ProxyCommand' program and let it handle such things?  That
would solve both problems cleanly.

- Ben


On Sat, 11 May 2002, Kevin Steves wrote:

> On Fri, 10 May 2002, Michael Robinton wrote:
> :Good luck, I sent in a patch for socks5 support back in October of last
> :year and got blown out of the water by the "developers".
>
> This is best handled by a ProxyCommand helper.
>
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>
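
Added example, not part of the original message or of OpenSSH: the CONNECT requests for SOCKS4, SOCKS4a and SOCKS5 built byte by byte, showing which forms carry the hostname to the proxy and which force the client to resolve it first (the out-of-band DNS lookup discussed above). The host, address, port and function names are constructed for illustration.

```python
import ipaddress
import struct

def socks4_connect(ip: str, port: int, user: bytes = b"") -> bytes:
    """SOCKS4: VN=4, CD=1, DSTPORT, DSTIP, USERID, NUL.
    Only an IPv4 address fits, so the client must do DNS before calling."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError for a hostname
    return struct.pack("!BBH", 4, 1, port) + addr.packed + user + b"\x00"

def socks4a_connect(host: str, port: int, user: bytes = b"") -> bytes:
    """SOCKS4a: DSTIP 0.0.0.x (x != 0) tells the proxy that a
    NUL-terminated hostname follows USERID; the proxy resolves it."""
    name = host.encode("idna")
    return (struct.pack("!BBH", 4, 1, port) + bytes([0, 0, 0, 1])
            + user + b"\x00" + name + b"\x00")

def socks5_connect(host: str, port: int) -> bytes:
    """SOCKS5 (RFC 1928) CONNECT: VER=5, CMD=1, RSV=0, ATYP, DST.ADDR,
    DST.PORT. The method-negotiation greeting that precedes it is omitted."""
    try:
        addr = ipaddress.ip_address(host)
        atyp, body = (1 if addr.version == 4 else 4), addr.packed
    except ValueError:
        # Not a literal address: send the name (ATYP=3, length-prefixed)
        name = host.encode("idna")
        if not 1 <= len(name) <= 255:
            raise ValueError("hostname length must be 1..255")
        atyp, body = 3, bytes([len(name)]) + name
    return bytes([5, 1, 0, atyp]) + body + struct.pack("!H", port)

def carries_hostname(request: bytes) -> bool:
    """True if the proxy receives a name to resolve itself; False if the
    request holds a literal address, so any DNS happened on the client."""
    if request[0] == 4:
        return request[4:7] == b"\x00\x00\x00" and request[7] != 0
    if request[0] == 5:
        return request[3] == 3
    raise ValueError("not a SOCKS4/4a/5 CONNECT request")

if __name__ == "__main__":
    # Constructed sample target: host.example.org / 192.0.2.10, port 22
    for req in (socks4_connect("192.0.2.10", 22),
                socks4a_connect("host.example.org", 22),
                socks5_connect("host.example.org", 22)):
        print(req.hex(), "hostname sent to proxy:", carries_hostname(req))
```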
