Bug 708

Summary:

Remote forward: Connect from privileged port if originator connected from privileged port

Product:

Portable OpenSSH

Reporter:

Robert Dahlem <Robert.Dahlem>

Component:

ssh

Assignee:

OpenSSH Bugzilla mailing list <openssh-bugs>

Status:

CLOSED WONTFIX

Severity:

enhancement

CC:

djm, Robert.Dahlem

Priority:

Version:

-current

Hardware:

All

OS:

All

Attachments:

Description	Flags
proposed patch	none
proposed patch for 3.9p1	none

Description Robert Dahlem 2003-09-24 02:14:28 AEST

Got a daemon which checks if connections are originated from a privileged port
(below 1024) to make sure originator has UID==0. Need a way to emulate this when
forwarding ports through secure tunnels.

Implemented ssh option -Q as extension to option -R. With -Q ssh tries to
connect from a port below IPPORT_RESERVED if originator port was below
IPPORT_RESERVED.

Comment 1 Robert Dahlem 2003-09-24 02:17:19 AEST

Created attachment 460 [details]
proposed patch

Comment 2 Robert Dahlem 2004-08-26 00:08:36 AEST

Created attachment 704 [details]
proposed patch for 3.9p1

Comment 3 Damien Miller 2015-11-13 14:37:51 AEDT

Given our privilege separation system, this is much more trouble to implement that it is IMO worth.

Comment 4 Damien Miller 2016-08-02 10:42:41 AEST

Close all resolved bugs after 7.3p1 release