Date: Mon, 6 Mar 2000 16:30:06 -0800 (PST)
From: Doug Ambrisko <ambrisko@whistle.com>
To: "James E. Pace" <jepace@pobox.com>
Cc: current@FreeBSD.ORG
Subject: Re: /usr/bin/ssh and SOCKS
Message-ID: <200003070030.QAA75449@whistle.com>
In-Reply-To: <Pine.GSO.4.05.10003061134200.27621-100000@shell1> from "James E. Pace" at "Mar 6, 2000 11:37:18 am"

James E. Pace writes:
|
| I rebuilt -current on Friday, and OpenSSH does not work through a
| SOCKS firewall.
|
| In my make.conf, I have "USE_SOCKS= YES", which is used in the
| ports/security/ssh port.

As mentioned, we have ssh in the base system, so you are picking that up.

Another alternative is to remove the setuid bits from /usr/bin/ssh and then do a "runsocks ssh". LD_PRELOAD in FreeBSD does not work on setuid binaries. This is a security feature. Solaris lets you do an LD_PRELOAD on setuid binaries if the library is from /usr/lib. So on Solaris, if the libsocks_sh.so was in /usr/lib, then LD_PRELOAD of it would work on setuid binaries like ssh and it would just work without recompiling/linking.

However, now that Dante is available and has BSD licensing, we could include it in the base OS. Yes, it is bloat, but then people could sysinstall behind a Socks firewall and things like ssh etc. could be linked to it. There are things I like and don't like with Dante, but it is a pretty good package and has a better license.

I could do the work if deemed useful. I don't want to maintain my own branch, and we use the NEC implementation here, so I don't want to be bouncing between them for no good reason.

Doug A.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
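
The following is an added example, not part of the original message: a shell check for the condition described above, where the runtime linker ignores LD_PRELOAD for a setuid binary, so a preload wrapper such as runsocks silently has no effect. The function names are hypothetical, and setgid is included on the assumption that the runtime linker treats it the same way as setuid.

```shell
#!/bin/sh
# Added example: report whether an LD_PRELOAD-based wrapper (e.g. runsocks)
# can take effect on a binary. Function names are hypothetical.

# is_setugid FILE: succeeds if FILE carries the setuid or setgid bit.
# Assumption: the runtime linker drops LD_PRELOAD in both cases.
is_setugid() {
    [ -u "$1" ] || [ -g "$1" ]
}

# preload_status FILE: prints "missing", "setugid" or "plain".
preload_status() {
    if [ ! -e "$1" ]; then
        echo missing
    elif is_setugid "$1"; then
        echo setugid
    else
        echo plain
    fi
}

# preload_report FILE...: one human-readable line per file.
# Returns non-zero if any file would ignore the preload or is missing.
preload_report() {
    rc=0
    for f in "$@"; do
        case $(preload_status "$f") in
            setugid)
                printf '%s: setuid/setgid set, LD_PRELOAD will be ignored\n' "$f"
                rc=1 ;;
            missing)
                printf '%s: not found\n' "$f"
                rc=1 ;;
            plain)
                printf '%s: no setuid/setgid bit, preload wrapper can apply\n' "$f" ;;
        esac
    done
    return $rc
}

# Stand-alone use: sh check.sh /usr/bin/ssh
if [ "$#" -gt 0 ]; then
    preload_report "$@"
fi
```
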