[Bug 1733] Enhance support for QoS (ToS) by supporting DSCP/CS and adding option

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri Jul 2 15:11:46 EST 2010


--- Comment #5 from Philip Prindeville <philipp at redfish-solutions.com>  ---
(In reply to comment #4)
> Why is the restriction that UseQoS may only appear in
> /etc/ssh/ssh_config necessary? It isn't an effective control, since a
> user who wanted to circumvent it could just build a ssh without the
> check. Does the IP_TOS ioctl perform any privilege checks when setting
> low-precedence traffic classes?

It's a somewhat effective check, since not everyone may have access to
recompiled binaries or even sources and a compiler.

It removes for the large majority the need to fiddle with settings they
might not (and most likely don't) entirely understand.

And no, the setsockopt(IP_TOS) is entirely unprivileged.

Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

More information about the openssh-bugs mailing list