openssh bugs - Jun 2019 - [Bug 3018] New: Forwarding unix-domain sockets to/from remote homedir-relative locations

https://bugzilla.mindrot.org/show_bug.cgi?id=3018

            Bug ID: 3018
           Summary: Forwarding unix-domain sockets to/from remote
                    homedir-relative locations
           Product: Portable OpenSSH
           Version: 8.0p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: dkg at fifthhorseman.net

If i'm using RemoteForward or LocalForward with unix-domain sockets,
sometimes i want to specify a socket that is relative to the homedir on
the remote system.

It would be nice to be able to specify this simply in the appropriate
place in ssh_config without having to know and hard-code my homedir for
each remote host into host-specific stanzas.

for example, it would be nice to be able to use:

    ssh -o 'RemoteForward=~/.foo:~/.foo' $host

and have them be relative to the respective home directories, even if
it's `/home/dkg/.foo` on the local system and
`/users/example.org/admin/.foo` on the remote system.

I note that using relative paths for the remote side of forwarding
links seems to treat them as "relative" to the root directory.  so:

    ssh -o 'RemoteForward=foo/bar:foo/bar' $host

uses /foo/bar on the remote side, but treats the local side as relative
to the cwd of the ssh client (note that this gets confusing when using
socket multiplexing, but that is a separate issue).

I also note that it might be nice to have other expansions besides the
homedir, which makes me wonder whether it might make more sense to use
tokens here (c.f. "TOKENS" section in sshd_config(5), at least %h and
%U and %u), so that we could use:

    ssh -o 'RemoteForward=%h/.foo:/home/dkg/.foo' $host

But i don't know how to introduce such a change without breaking some
potential existing configurations.  Perhaps if the Unix-domain socket
path is prefixed with a !, then the tokens would be applied?

I think this would need to be handled on both the ssh and sshd side to
make it work, though, and we'd need to sort out whether to retcon this
into the definition of `streamlocal` extension (defined in section 2.4
of PROTOCOL) or to define a new extension.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3018

J?r?me Carretero <cJ-mr at zougloub.eu> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |cJ-mr at zougloub.eu

--- Comment #1 from J?r?me Carretero <cJ-mr at zougloub.eu> ---
When the session subprocess is created, its cwd is /.

Given that a user can always access / using an absolute path, maybe it
would be reasonable to chdir to the user's $HOME if it exists?

Then a relative path (without the need of ~-expanding) in the
expression of RemoteForward would be relative to $HOME...

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3018

Celeste Liu <CoelacanthusHex at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |CoelacanthusHex at gmail.com

-- 
You are receiving this mail because:
You are watching the assignee of the bug.