Bugtraq mailing list archives

Re: SSH LocalForward

From: sevo () inm de (Sevo Stille)
Date: Sun, 3 Aug 1997 13:49:11 +0200


- the

more reasonable method is to move the check into add_local_forward():

 --- readconf.c  Sun Aug  3 00:55:40 1997
+++ readconf.c.orig     Sun Aug  3 00:57:21 1997


Arrgh. As Jon Lewis correctly pointed out, the patch is reversed and could
do with some cleanup.

--- readconf.c.orig     Sun Aug  3 00:57:21 1997
+++ readconf.c  Sun Aug  3 13:20:08 1997
@@ -204,6 +204,10 @@
   Forward *fwd;
   if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
     fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION);
+  if (port < 1024 && original_real_uid != UID_ROOT)
+  {
+     fatal("Privileged ports can only be forwarded by root.\n");
+  }
   fwd = &options->local_forwards[options->num_local_forwards++];
   fwd->port = port;
   fwd->host = xstrdup(host);


Sevo

Current thread:

Re: SSH LocalForward Sevo Stille (Aug 02)
- <Possible follow-ups>
- Re: SSH LocalForward Sevo Stille (Aug 03)
- Re: SSH LocalForward long-morrow () CS YALE EDU (Aug 03)
  - Re: SSH LocalForward Kyle Amon (Aug 04)
    - Netscape Referer header considered harmful? Ronald L. Parker (Aug 04)
    - Re: Netscape Referer header considered harmful? Eric Murray (Aug 06)
    - Re: SSH LocalForward Bryan Andregg (Aug 05)
    - SGI Security Advisory 19970509-02-PX - IRIX ordist Buffer Overrun SGI Security Coordinator (Aug 05)
    - IMAPd scans Steve Herman (Aug 06)
    - XFREE86 can block reserved ports Willy TARREAU (Aug 06)
    - Re: XFREE86 can block reserved ports Alex Belits (Aug 06)