[Bug 1223] tun/tap capability only works with root login (openssh-4.3_p2)

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Aug 31 01:25:54 EST 2006


http://bugzilla.mindrot.org/show_bug.cgi?id=1223

           Summary: tun/tap capability only works with root login (openssh-
                    4.3_p2)
           Product: Portable OpenSSH
           Version: 4.3p2
          Platform: ix86
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: opensshbugs at lakedaemon.net


I've been testing openssh-4.3_p2 on my gentoo systems for remote layer2
access to my home network.  It works well (haven't tested latency
sensitive traffic, eg voip, yet), but only when logging in as root.  

I've created a first draft patch against 4.3_p2 that compiles cleanly
on linux, and allows remote users to establish tun/tap vpn as
unprivileged users.  This is done via the TUNSETOWNER ioctl().  

This patch is proof of concept only.  It does not add the capability to
the other *nixs, has not been tested for security, and needs to be
cleaned up.  I'm willing to do that if there is interest in adding this
capability to openssh...




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.



More information about the openssh-bugs mailing list