Bugtraq mailing list archives
SSH LocalForward
From: aeneas () sesuadra org (Kristof Van Damme)
Date: Sat, 2 Aug 1997 16:33:51 +0200
Hi, I bumped into a weird 'feature' of ssh 1.2.20. When I run: ssh -L 80:remotehost:80 remotehost as a normal user I get the expected error: Privileged ports can only be forwarded by root. But when I put: LocalForward 80 remotehost:80 in my ~/.ssh/config file and connect to the remote host I don't get the error and port 80 is opened on the localhost (an httpd was not running, the port must be available). When I connect to it I get a normal redirection to remotehost:80 over the secure channel. This means however that a non-root user is able to open privileged ports on the localhost and redirect them. Is this normal? I checked it on Linux and Solaris. Aeneas ---------------------------------------------------------------------- |Kristof Van Damme | |System Administrator | |e-mail: aeneas () sesuadra org | |voice: +32 9 3558603 | ----------------------------------------------------------------------
Current thread:
- Re: Small problem in AIX write command: Executes shell David Hedley (Aug 01)
- <Possible follow-ups>
- Small problem in AIX write command: Executes shell DI. Dr. Klaus Kusche (Aug 01)
- Re: Small problem in AIX write command: Executes shell David Holland (Aug 01)
- comp.sys.sgi.bugs: YET another security alert (sigh) Arthur Hagen (Aug 04)
- comp.sys.sgi.bugs: Re: YET another security alert (sigh) Forwarded by Kari Hurtta (Aug 05)
- CPSR #8: identd Denial of Service Corinne Posse Releases (Aug 04)
- Re: CPSR #8: identd Denial of Service Curt Sampson (Aug 04)
- Re: Small problem in AIX write command: Executes shell David Holland (Aug 01)
- INND causes cancer in laboratory rats (fwd) Dan Fleisher (Aug 01)
- Re: INND causes cancer in laboratory rats (fwd) thoth () PURPLEFROG COM (Aug 01)
- Bugs in Debian Linux's ircd package Matt (Aug 01)
- SSH LocalForward Kristof Van Damme (Aug 02)
- Security hole in rusers client David Holland (Aug 02)
- SSH LocalForward Nicolas Dubee (Aug 02)
- Re: your mail Erik Troan (Aug 10)
- Sun Security Bulletin #00149 Aleph One (Aug 13)
- Sun Security Bulletin #00150 Aleph One (Aug 13)
- Possible fixed identd Phillip R. Jaenke (Aug 13)
- CERT Advisory CA-97.22 - BIND - the Berkeley Internet Name Daemon Aleph One (Aug 14)
- Vulnerability in 4.4BSD rfork() implementation Thomas H. Ptacek (Aug 02)
- Linux clone() looks safe (Re: Vulnerability in 4.4BSD rfork() Jeff Epler (Aug 02)
- Re: Linux clone() looks safe (Re: Vulnerability in 4.4BSD rfork() Marc Slemko (Aug 03)