tcpip-forward with port 0 and 'want reply'

William Ahern william at 25thandClement.com
Fri Apr 21 06:19:51 EST 2006


On Thu, Apr 20, 2006 at 06:00:54PM +1000, Damien Miller wrote:
> > In the process I've run into trouble w/ ForwardPermissions. I suspect
> > there's a bug in the SSH 2.0 support since it doesn't keep track of
> > listening hostnames, only the port. Again, there's a silent collision and
> > either the permissions are too strict or too loose.
> 
> Yes, permitopen doesn't support specification of a bind_address 
> presently. It should "fail closed" on ambiguous matches though, so why
> do you say the permissions are too loose?
> 

Well, I wasn't sure. It just looked funny. I didn't inspect it very closely,
I just initially #ifdef'd out all the permitopen stuff to narrow the scope
(the task was so daunting initially). I'll tackle that to round out the
domain socket support.

Is there anything in particular I should know or take into consideration
when adding bind address info to the permitopen handling?




More information about the openssh-unix-dev mailing list