Tunneling as a non-root user
Damien Miller
djm at mindrot.org
Sun Aug 23 18:14:59 AEST 2020
On Fri, 21 Aug 2020, Peter Stuge wrote:
> Damien Miller wrote:
> > A few people have asked for non-root tun forwarding over the years,
> > but nobody has come forward with a design for how it could work in
> > practice.
> >
> > I'd certainly be open to a design that used some sort of plug-in
> > helper program to do the configuration steps, and let OpenSSH punt
> > all the decision-making to that :)
>
> Would it be an option to keep the tun/tap code and teach it privsep?
That the code allowed a non-root user to partially configure a tun/tap
interface when privsep was disabled was a bug and not a feature.
-d
More information about the openssh-unix-dev
mailing list