Date: Wed, 20 Aug 2008 13:31:08 +0100 (BST) From: Robert Watson <rwatson@FreeBSD.org> To: Dag-Erling Smorgrav <des@FreeBSD.org> Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/crypto/openssh readconf.c Message-ID: <alpine.BSF.1.10.0808201330110.99968@fledge.watson.org> In-Reply-To: <200808201040.m7KAeDxX051115@repoman.freebsd.org> References: <200808201040.m7KAeDxX051115@repoman.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 20 Aug 2008, Dag-Erling Smorgrav wrote: > des 2008-08-20 10:40:07 UTC > > FreeBSD src repository > > Modified files: > crypto/openssh readconf.c > Log: > SVN rev 181918 on 2008-08-20 10:40:07Z by des > > Use net.inet.ip.portrange.reservedhigh instead of IPPORT_RESERVED. > Submitted upstream, no reaction. > > Submitted by: delphij@ > MFC after: 2 weeks While better than what was there before, I still think that this code is incorrect. SSH should be using the user credential to create and bind forwarding sockets, not the root credential, and should not be attempting to guess the kernel's policy, even if that guess is now a bit more informed. However, I guess that more complete and desirable fix is more complicated... Robert N M Watson Computer Laboratory University of Cambridge
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.1.10.0808201330110.99968>