https://bugzilla.mindrot.org/show_bug.cgi?id=2625
Darren Tucker <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #1 from Darren Tucker <[email protected]> --- Comment on attachment 2880 --> https://bugzilla.mindrot.org/attachment.cgi?id=2880 Don't require a root if there is CAP_NET_BIND_SERVICE I'm ok with doing something like this but the patch currently needs some work: - unconditionally linking against libcap will break every other platform that doesn't have it. Ditto the actual function calls. - putting the libcap interface code inline in readconf.c will make maintenance of that file harder as future changes need to be pulled in, and that file changes a lot. - there is the equivalent check in sshd, which this code does not address. I've started by factoring this check out into its own function: https://anongit.mindrot.org/openssh.git/commit/?id=1c4ef0b808d3d38232aeeb1cebb7e9a43def42c5 >From there we needs to add the appropriate configure time --with-capabilities flag and add the code inside #ifdef USE_CAPABILITIES inside misc.c:bind_permitted(). -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
