socks5 support
Ben Lindstrom
mouring at etoh.eviladmin.org
Sun May 12 09:04:03 EST 2002
The only problem with ProxyCommand and sock{4,4a,5} is the fact that
DNS is not being handled at the right time. Which is what the 4a and 5
patches are doing. Doing DNS out of band in sock 4a/5 can be a security
risk. At least a bit of information leakage.
Not saying that I agree with his sock5 patch. Just ProxyCommand just won't
cut it unless......
I don't know the ProxyCommand code off hand, but what would be the chances
that one could do a simple modification to have all DNS lookups to be
passed to the 'ProxyCommand' program and let it handle such things? That
would solve both problems cleanly.
- Ben
On Sat, 11 May 2002, Kevin Steves wrote:
> On Fri, 10 May 2002, Michael Robinton wrote:
> :Good luck, I sent in a patch for socks5 support back in October of last
> :year and got blown out of the water by the "developers".
>
> This is best handled by a ProxyCommand helper.
>
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>
More information about the openssh-unix-dev
mailing list