cvs commit: src/crypto/openssh readconf.c
rwatson at FreeBSD.org
Wed Aug 20 12:31:09 UTC 2008
On Wed, 20 Aug 2008, Dag-Erling Smorgrav wrote:
> des 2008-08-20 10:40:07 UTC
> FreeBSD src repository
> Modified files:
> crypto/openssh readconf.c
> SVN rev 181918 on 2008-08-20 10:40:07Z by des
> Use net.inet.ip.portrange.reservedhigh instead of IPPORT_RESERVED.
> Submitted upstream, no reaction.
> Submitted by: delphij@
> MFC after: 2 weeks
While better than what was there before, I still think that this code is
incorrect. SSH should be using the user credential to create and bind
forwarding sockets, not the root credential, and should not be attempting to
guess the kernel's policy, even if that guess is now a bit more informed.
However, I guess that more complete and desirable fix is more complicated...
Robert N M Watson
University of Cambridge
More information about the cvs-all