bugzilla-daemon at mindrot.org
2015-Feb-01 19:32 UTC
[Bug 2347] New: permitopen doesn't work with unix domain sockets
https://bugzilla.mindrot.org/show_bug.cgi?id=2347
Bug ID: 2347
Summary: permitopen doesn't work with unix domain sockets
Product: Portable OpenSSH
Version: 6.7p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: mail at mpopp.eu
Hi,
thank you for the 6.7 release and the nifty feature to support binding
remote tunnels to unix domain sockets.
Unfortunately the permitopen command doesn't support domain sockets as
well.
If I put the following in my /home/user/.ssh/authorized_keys file:
permitopen="/tmp/asdf" ssh-ed25519 AAAA...
I get the following error message:
Feb 1 19:20:54 client sshd[62063]: Bad options in
/home/user/.ssh/authorized_keys file, line 1: ssh-ed25519 AAAA..
It would be great, if could have a look at the code and add support for
using unix domain sockets together with permitopen.
I have had a look at the code, but I couldn't provide a fix :-(
Regards
Marcus
P.S. Greetings Markus from your old fellow :-)
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2015-Feb-02 11:57 UTC
[Bug 2347] permitopen doesn't work with unix domain sockets
https://bugzilla.mindrot.org/show_bug.cgi?id=2347
Marcus Popp <mail at mpopp.eu> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |DUPLICATE
--- Comment #1 from Marcus Popp <mail at mpopp.eu> ---
*** This bug has been marked as a duplicate of bug 2038 ***
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2015-Feb-02 12:09 UTC
[Bug 2347] permitopen doesn't work with unix domain sockets
https://bugzilla.mindrot.org/show_bug.cgi?id=2347
Marcus Popp <mail at mpopp.eu> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|DUPLICATE |---
Status|RESOLVED |REOPENED
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2019-Oct-19 20:22 UTC
[Bug 2347] permitopen doesn't work with unix domain sockets
https://bugzilla.mindrot.org/show_bug.cgi?id=2347
openssh at funkthat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |openssh at funkthat.com
--- Comment #2 from openssh at funkthat.com ---
Please implement this feature. I tried to do this myself, but getting
testing and what looks like threading support through all the calls
that need it is too complicated for someone who doesn't know the code
base w/o possibly opening up a security hole.
The unix domain sockets feature is not completely w/o this. For my use
case, w/o this support, there is no point is using this, and I'll be
looking at another tool.
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2023-Jun-12 20:31 UTC
[Bug 2347] permitopen doesn't work with unix domain sockets
https://bugzilla.mindrot.org/show_bug.cgi?id=2347
Jernej Jakob <jernej.jakob at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Version|6.7p1 |9.3p1
CC| |jernej.jakob at gmail.com
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2024-May-01 20:17 UTC
[Bug 2347] permitopen doesn't work with unix domain sockets
https://bugzilla.mindrot.org/show_bug.cgi?id=2347
Adrien <adrien.langou at hotmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |adrien.langou at hotmail.com
--- Comment #3 from Adrien <adrien.langou at hotmail.com> ---
Created attachment 3813
--> https://bugzilla.mindrot.org/attachment.cgi?id=3813&action=edit
A naive patch for unix socket in permitopen
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2024-May-01 20:22 UTC
[Bug 2347] permitopen doesn't work with unix domain sockets
https://bugzilla.mindrot.org/show_bug.cgi?id=2347 --- Comment #4 from Rookeur <adrien.langou at hotmail.com> --- (In reply to Rookeur from comment #3)> Created attachment 3813 [details] > A naive patch for unix socket in permitopenHi, This is my first contribution to openssh is there anyone who wants to take look at my patch ? I am aware that this is a relatively naive implementation but I am looking for new inputs to keep working on the patch. Regards Adrien -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2024-May-01 20:23 UTC
[Bug 2347] permitopen doesn't work with unix domain sockets
https://bugzilla.mindrot.org/show_bug.cgi?id=2347
Rookeur <adrien.langou at hotmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Version|9.3p1 |9.7p1
--
You are receiving this mail because:
You are watching the assignee of the bug.
Possibly Parallel Threads
- [Bug 2038] New: permitopen functionality but for remote forwards
- [Bug 2355] New: general protection / segfaults when PermitOpen=none
- [Bug 1267] PermitOpen - Multiple forwards don't works
- [Bug 2711] New: Patch to add permitgwport and restrict permitopen to be a default deny
- [Bug 2001] New: Document PermitOpen none in man page