Forcing privileged ports with ssh -R

Robert Dahlem Robert.Dahlem at siemens.com
Wed Nov 13 05:47:17 EST 2002


Hi,

I have a daemon process which is changing things in the system only the 
superuser should be allowed to change. Let's call it "riskyd".

Users use a frontend on the same machine (let's call it "risky"). risky 
is a SUID program which talks to riskyd by binding to a privileged port, 
then connecting to riskyd on localhost. riskyd checks that the connection 
is coming from localhost and from a privileged port to make sure the 
partner is privileged.

Now - as an addition - I need connections from the network to riskyd 
too. These connections must be tunneled through a secure connection.

The idea was to start something like

   my_host: # ssh -R riskyd_port:localhost:riskyd_port -N other_host

This way the spawned sshd on other_host would listen() on riskyd's port, 
incoming connections are tunneled to my_host (the host riskyd is running 
on) and ssh makes a connection to the real riskyd on localhost 
(my_host).

Some lousy ascii art:

    my_host                                     other_host

    riskyd
      ^
      |      secure tunnel through network  
     ssh ===================================== spawned sshd
                                                      ^
                                                      |
                                                    risky

Now from the user's point of view it looks like riskyd is running on 
other_host too: they can use risky, risky can connect to 
localhost:riskyd_port. But in this case the real action is done on 
my_host. riskyd still sees connections from localhost. So far, so good.

But: sshd on other_host will happily accept connections from non-
privileged ports, ssh will connect from a non-privileged port to 
localhost. No way to check if the originating connection was from a 
privileged port.

How could this be forced? I did not find any parameters ...

A stroll through the sources did not reveal something relevant (well, at 
least not to me :-) so it seems not to be implemented yet.

Actually, remote forwarding is negotiated within some protocol between 
ssh and sshd. No problem to change this slightly with a private patch. 
If it only wouldn't incompatibly change the protocol.

So my idea is to implement it in a way that 
client_request_forwarded_tcpip() in clientloop.c checks originator_port 
for being in the privileged range and - if yes - uses a privileged port 
to connect.

Any comments?

Regards,
        Robert


-- 
Robert.Dahlem at siemens.com
Siemens Business Services -  SBS D ORS FS BO DEZ KORDOBA-Outsourcing
Tel: +49-69-797-6530  Fax: +49-69-797-6599
----------------------------------------------------------------------
Sent using PMMail (http://www.pmmail2000.com) - fast, decent, email
software; far better than Outlook. Try it sometime.
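
The peer check the post describes for riskyd (source on localhost and source port in the privileged range), as an added example that is not part of the original message and not OpenSSH code. The function names, the `RESERVED_LIMIT` constant and the sample addresses are constructed for illustration; it shows that the ssh end of the `-R` tunnel, which connects from an unprivileged local port, fails the check that the local SUID risky passes.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

#define RESERVED_LIMIT 1024 /* ports below this require root to bind */

/* Return 1 if addr is in 127.0.0.0/8 with a reserved source port, else 0. */
int peer_is_trusted(const struct sockaddr_in *addr)
{
    if (addr == NULL || addr->sin_family != AF_INET)
        return 0;
    if ((ntohl(addr->sin_addr.s_addr) >> 24) != 127)
        return 0;                      /* not from localhost */
    unsigned port = ntohs(addr->sin_port);
    return port > 0 && port < RESERVED_LIMIT;
}

/* Apply the check to an accepted socket; -1 if the peer cannot be read. */
int fd_is_trusted(int fd)
{
    struct sockaddr_in peer;
    socklen_t len = sizeof peer;
    memset(&peer, 0, sizeof peer);
    if (getpeername(fd, (struct sockaddr *)&peer, &len) != 0)
        return -1;
    return peer_is_trusted(&peer);
}

/* Run the check on a constructed peer address (sample input only). */
int check_constructed(const char *ip, unsigned short port)
{
    struct sockaddr_in a;
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    a.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &a.sin_addr) != 1)
        return 0;
    return peer_is_trusted(&a);
}

int main(void)
{
    /* Constructed peers: local SUID risky, ssh end of tunnel, network host. */
    printf("risky=%d\n", check_constructed("127.0.0.1", 1013));
    printf("ssh-forward=%d\n", check_constructed("127.0.0.1", 40022));
    printf("remote=%d\n", check_constructed("192.0.2.10", 1013));
    return 0;
}
```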




