Tunneling as a non-root user

Damien Miller djm at mindrot.org
Sun Aug 23 18:14:59 AEST 2020


On Fri, 21 Aug 2020, Peter Stuge wrote:

> Damien Miller wrote:
> > A few people have asked for non-root tun forwarding over the years,
> > but nobody has come forward with a design for how it could work in
> > practice.
> > 
> > I'd certainly be open to a design that used some sort of plug-in
> > helper program to do the configuration steps, and let OpenSSH punt
> > all the decision-making to that :)
> 
> Would it be an option to keep the tun/tap code and teach it privsep?

That the code allowed a non-root user to partially configure a tun/tap
interface when privsep was disabled was a bug and not a feature.

-d


More information about the openssh-unix-dev mailing list