bugzilla-daemon at mindrot.org
2006-Aug-30 15:25 UTC
[Bug 1223] tun/tap capability only works with root login (openssh-4.3_p2)
http://bugzilla.mindrot.org/show_bug.cgi?id=1223

           Summary: tun/tap capability only works with root login (openssh-4.3_p2)
           Product: Portable OpenSSH
           Version: 4.3p2
          Platform: ix86
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: opensshbugs at lakedaemon.net

I've been testing openssh-4.3_p2 on my gentoo systems for remote layer2 access to my home network. It works well (haven't tested latency sensitive traffic, eg voip, yet), but only when logging in as root.

I've created a first draft patch against 4.3_p2 that compiles cleanly on linux, and allows remote users to establish tun/tap vpn as unprivileged users. This is done via the TUNSETOWNER ioctl().

This patch is proof of concept only. It does not add the capability to the other *nixs, has not been tested for security, and needs to be cleaned up. I'm willing to do that if there is interest in adding this capability to openssh...

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2006-Aug-30 15:28 UTC
[Bug 1223] tun/tap capability only works with root login (openssh-4.3_p2)
http://bugzilla.mindrot.org/show_bug.cgi?id=1223

------- Comment #1 from opensshbugs at lakedaemon.net 2006-08-31 01:28 -------
Created an attachment (id=1179)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=1179&action=view)
proof-of-concept TUNSETOWNER patch

This patch is the one referenced in the opening comment.
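The report relies on the Linux TUNSETOWNER ioctl. As an added example (not the attached patch and not OpenSSH code), this C program shows a privileged process creating a tun/tap device and assigning it to an unprivileged uid. The function names, the `persist` option, the device name `tap0` and uid 1000 are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <linux/if.h>
#include <linux/if_tun.h>

/* Build the TUNSETIFF request; reject bad names instead of truncating. */
int tun_prepare_request(struct ifreq *ifr, const char *name, int is_tap)
{
    size_t len = name ? strlen(name) : 0;
    if (len == 0 || len >= IFNAMSIZ)
        return -EINVAL;
    memset(ifr, 0, sizeof(*ifr));
    memcpy(ifr->ifr_name, name, len);
    ifr->ifr_flags = (is_tap ? IFF_TAP : IFF_TUN) | IFF_NO_PI;
    return 0;
}

/* Run while privileged: create the device, assign it to `owner`; fd or -errno. */
int tun_create_owned(const char *name, int is_tap, uid_t owner, int persist)
{
    struct ifreq ifr;
    int fd, rc = tun_prepare_request(&ifr, name, is_tap);
    if (rc != 0)
        return rc;
    if ((fd = open("/dev/net/tun", O_RDWR)) < 0)
        return -errno;
    if (ioctl(fd, TUNSETIFF, &ifr) < 0 ||
        ioctl(fd, TUNSETOWNER, (unsigned long)owner) < 0 ||
        (persist && ioctl(fd, TUNSETPERSIST, 1UL) < 0)) {
        rc = -errno;            /* save errno before close() can change it */
        close(fd);
        return rc;
    }
    return fd;
}

int main(void)
{
    /* "tap0" and uid 1000 are constructed sample values. */
    int fd = tun_create_owned("tap0", 1, 1000, 0);
    if (fd < 0) { fprintf(stderr, "tun_create_owned: %s\n", strerror(-fd)); return 1; }
    close(fd);
    return 0;
}
```

Once an owner is set, the kernel lets a process attach to that device only if its uid matches the owner or it holds CAP_NET_ADMIN, so the owner uid should come from the authenticated session and never from client-supplied input.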