search for: fwd_opts

...error("Symbolic link is not allowed"); + free(ret); + return NULL; + } + } + if (cp2 == NULL) + break; + *cp2 = '/'; + cp = cp2 + 1; + } + return ret; +} + static int channel_setup_fwd_listener_streamlocal(int type, struct Forward *fwd, struct ForwardOptions *fwd_opts) @@ -3005,6 +3058,7 @@ channel_setup_fwd_listener_streamlocal(int type, struct Forward *fwd, Channel *c; int port, sock; mode_t omask; + char *listen_path; switch (type) { case SSH_CHANNEL_UNIX_LISTENER: @@ -3042,22 +3096,39 @@ channel_setup_fwd_listener_streamlocal(int type, struct For...

...mp_config(ServerOptions *o) dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding); dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); + dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash);

...d as an option for the client program. Following the codepath, it ends up as an option for the server program. Server process receives in serverloop.c:1409 "streamlocal-forward at openssh.com" receives fwd.listen_path calls channel_setup_remote_fwd_listener(&fwd, NULL, &options.fwd_opts) channels.c: channel_setup_local_fwd_listener -> channel_setup_fwd_listener_streamlocal channel_setup_fwd_listener_streamlocal(int type, struct Forward *fwd, struct ForwardOptions *fwd_opts) calls unix_listener(fwd->listen_path, SSH_LISTEN_BACKLOG, fwd_opts->streamlocal_bind...

...amlocal(int type, struct Forward *fwd, debug3("%s: type %d path %s", __func__, type, fwd->listen_path); + /* Expand home directory if necessary */ + char *expanded_path = tilde_expand_filename(fwd->listen_path, getuid()); + /* Start a Unix domain listener. */ omask = umask(fwd_opts->streamlocal_bind_mask); - sock = unix_listener(fwd->listen_path, SSH_LISTEN_BACKLOG, + sock = unix_listener(expanded_path, SSH_LISTEN_BACKLOG, fwd_opts->streamlocal_bind_unlink); + free(expanded_path); umask(omask); if (sock < 0) return 0; -- 1.9.1

https://bugzilla.mindrot.org/show_bug.cgi?id=2473 Bug ID: 2473 Summary: sshd and -R port forwardings on 127.0.0.0/8 Product: Portable OpenSSH Version: 6.6p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at

...o->max_authtries); dump_cfg_int(sMaxSessions, o->max_sessions); + dump_cfg_int(sMaxDisplays, o->max_displays); dump_cfg_int(sClientAliveInterval, o->client_alive_interval); dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max); dump_cfg_oct(sStreamLocalBindMask, o->fwd_opts.streamlocal_bind_mask); diff -Naur openssh-portable/servconf.h openssh-portable-maxdisplays/servconf.h --- openssh-portable/servconf.h 2016-06-01 21:14:01.820052926 -0400 +++ openssh-portable-maxdisplays/servconf.h 2016-06-01 21:14:22.976053858 -0400 @@ -29,6 +29,7 @@ #define MAX_MATCH_GROUPS 256...

Hi, The code definitely attempts to unlink any old listener beforehand (see misc.c:unix_listener()) so I don't understand why that isn't being called. You might try simulating your configuration using sshd's -T and -C to make sure the flag is correctly being set. Could chroot be interfering? Some platforms implement additional restrictions on devices and sockets inside chroot. -d