cvs commit: src/crypto/openssh readconf.c

Robert Watson rwatson at
Wed Aug 20 12:31:09 UTC 2008

On Wed, 20 Aug 2008, Dag-Erling Smorgrav wrote:

> des         2008-08-20 10:40:07 UTC
>  FreeBSD src repository
>  Modified files:
>    crypto/openssh       readconf.c
>  Log:
>  SVN rev 181918 on 2008-08-20 10:40:07Z by des
>  Use net.inet.ip.portrange.reservedhigh instead of IPPORT_RESERVED.
>  Submitted upstream, no reaction.
>  Submitted by:   delphij@
>  MFC after:      2 weeks

While better than what was there before, I still think that this code is 
incorrect.  SSH should be using the user credential to create and bind 
forwarding sockets, not the root credential, and should not be attempting to 
guess the kernel's policy, even if that guess is now a bit more informed. 
However, I guess that more complete and desirable fix is more complicated...

Robert N M Watson
Computer Laboratory
University of Cambridge

More information about the cvs-all mailing list