bugzilla-daemon at mindrot.org
2006-Oct-30 08:12 UTC
[Bug 1256] unix domain sockets support
http://bugzilla.mindrot.org/show_bug.cgi?id=1256

           Summary: unix domain sockets support
           Product: Portable OpenSSH
           Version: 4.4p1
          Platform: Other
        OS/Version: All
            Status: NEW
          Keywords: patch
          Severity: enhancement
          Priority: P2
         Component: ssh
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: tneumann at users.sourceforge.net

It would be nice if ssh could forward unix domain sockets in addition to TCP ports. The main reasons for this are better security and a nicer namespace:

If I use ssh to access a remote service (e.g. VNC), my forward is visible to all other users on the same machine. First, this means that some care is required to make sure that the chosen port is still free, and second, all other users can access the remote service using my forwarded port. This is unfortunate if the remote service has a weak or no access control.

Using unix domain sockets provides a natural namespace to avoid collisions and allows using filesystem permissions to grant or deny access.

There is already a patch against OpenSSH that provides unix domain socket support

http://www.25thandclement.com/~william/projects/streamlocal.html

which might be used as a base. (It is probably known to the OpenSSH developers, but as I could not find a corresponding Bugzilla entry I filed an enhancement request).
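
The access-control argument in the report, as an added Python example that is not part of the original message or of OpenSSH: it binds a Unix domain socket inside an owner-only directory and checks the permission bits that decide who may connect. The path `fwd/vnc.sock` and both function names are hypothetical.

```python
import os
import socket
import stat
import tempfile


def bind_private_unix_listener(path):
    """Bind a listening Unix domain socket that only its owner can reach."""
    parent = os.path.dirname(path)
    os.makedirs(parent, mode=0o700, exist_ok=True)
    os.chmod(parent, 0o700)  # enforce even if the directory already existed
    if os.path.lexists(path):
        if not stat.S_ISSOCK(os.lstat(path).st_mode):
            raise FileExistsError(f"{path} exists and is not a socket")
        os.unlink(path)  # stale socket left by an earlier run
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old_umask = os.umask(0o177)  # socket file is created rw------- by bind()
    try:
        srv.bind(path)
    finally:
        os.umask(old_umask)
    srv.listen(1)
    return srv


def reachable_by_others(path):
    """True if group/other mode bits would let another user connect (Linux rules)."""
    sock_mode = os.lstat(path).st_mode
    dir_mode = os.stat(os.path.dirname(path)).st_mode
    # connect() needs search (x) on the directory and write (w) on the socket.
    # Only the immediate directory is checked; ACLs are not considered.
    dir_open = bool(dir_mode & (stat.S_IXGRP | stat.S_IXOTH))
    sock_open = bool(sock_mode & (stat.S_IWGRP | stat.S_IWOTH))
    return dir_open and sock_open


def demo():
    """Constructed scenario: a private endpoint in a fresh temporary directory."""
    path = os.path.join(tempfile.mkdtemp(), "fwd", "vnc.sock")
    srv = bind_private_unix_listener(path)
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as client:
            client.connect(path)  # the owner can still connect
        return stat.S_IMODE(os.lstat(path).st_mode), reachable_by_others(path)
    finally:
        srv.close()
        os.unlink(path)


if __name__ == "__main__":
    print(demo())
```

A listener bound to a loopback TCP port has no equivalent per-user control, which is the exposure the report describes. Some systems ignore the mode bits on the socket file itself, so the owner-only directory is the portable part of this check.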