[PATCH] / permitgwports / permitlisten

Philipp Heckel philipp.heckel at gmail.com
Sat May 13 10:22:40 AEST 2017

Hello Devin,

it seems I haven't done my homework, and wrote a patch without properly
checking bugzilla ...

> Anyhow, just drawing attention of these 2 patches together – they’re
> similar, though not identical. [..]  Your approaches looks
> very familiar, it felt like deja vu.

The patches are indeed very, very similar. I think that does underline
the need for such an option. I must admit I was pretty surprised that
it did not exist already.

>  Ours also changes the behavior of permitopen.

While I generally agree with having to explicitly whitelist
"permitopen" host/port pairs, it does change the default behavior and
would probably break configuration in the wild. Or am I mistaken here?


More information about the openssh-unix-dev mailing list