https://bugzilla.mindrot.org/show_bug.cgi?id=2625
--- Comment #9 from Richard E. Silverman <[email protected]> ---

Ah, I was only thinking about the client-side case, since that is how this bug report started:

> I think openssh-client should allow use port forwarding not only for
> root user. CAP_NET_BIND_SERVICE enough to use privileged ports.

... and in fact I came across this bugzilla entry because I was about to file one for the same problem with the client-side UsePrivilegedPort option, which is silently turned off if the euid is not 0:

[ssh.c]
    if (original_effective_uid != 0)
        options.use_privileged_port = 0;

... which is similarly inaccurate.

> These are solvable, eg by temporarily_use_uid() and/or by testing
> binds during config parsing, but it's not a simple case of
> "delete those checks and YOLO".

Agreed, on the server side where privilege management is involved; I was advocating a different approach to the problem rather than giving a detailed, finished solution. On the client just that should be almost enough.

If we want to preserve the current behavior on the client -- that the connection succeeds anyway -- then it would try to bind the low port, and if it gets EPERM (or any error?), retry without the low-port restriction before giving up.
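The client-side fallback described in the comment above, sketched as an added example; it is not part of the original message and not OpenSSH code. The helper names and the 1023..512 search range are assumptions made for illustration.

```c
#include <errno.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: returns a bound TCP socket, or -1 on failure.
 * *got_low is set to 1 only if a port below 1024 was obtained. */
int bind_prefer_low_port(int *got_low)
{
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);

    *got_low = 0;
    if (fd < 0)
        return -1;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);

    /* Ask the kernel rather than testing euid: the kernel is what knows
     * about CAP_NET_BIND_SERVICE and similar mechanisms. */
    for (int port = 1023; port >= 512; port--) {  /* assumed range */
        sa.sin_port = htons((unsigned short)port);
        if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) == 0) {
            *got_low = 1;
            return fd;
        }
        if (errno != EADDRINUSE)
            break;  /* Linux bind(2) reports EACCES when unprivileged */
    }

    /* Retry without the low-port restriction: port 0 lets the kernel
     * choose, so the connection can still go ahead. */
    sa.sin_port = htons(0);
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) == 0)
        return fd;
    close(fd);
    return -1;
}

/* Hypothetical helper: local port the socket is bound to, or -1. */
int bound_port(int fd)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof(sa);

    if (getsockname(fd, (struct sockaddr *)&sa, &len) < 0)
        return -1;
    return ntohs(sa.sin_port);
}
```

A caller that falls back this way should log that the low port was not obtained, so the downgrade is not silent.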
