List: openssh-unix-dev
Subject: Re: Implementing IP_FREEBIND in OpenSSH
From: Dmitry Belyavskiy <dbelyavs () redhat ! com>
Date: 2021-07-28 7:46:54
Message-ID: CAOcQRVWbqjT_ntgL+Z++b1AfaE=9XZxzgP4DxcPbgN+rMh7Bpw () mail ! gmail ! com
Dear Damien,
On Wed, Jul 28, 2021 at 1:19 AM Damien Miller <djm@mindrot.org> wrote:
> On Tue, 27 Jul 2021, Dmitry Belyavskiy wrote:
>
> Perhaps make ip_nonlocal_bind=2 allow root to bind non-locally without
> restriction. That might solve the problem for sshd and all other network
> daemons?
>
Yes. It's one of the currently recommended workarounds.
> If SO_BINDANY does turn out to be cross platform without heavy caveats,
> then perhaps a flag on this existing Listen directive would be more
> acceptable, e.g. "Listen 111.222.33.44 bindany" - there is prior art
> for such flags in the existing "rdomain" one.
>
Yes, it's the reasonable syntax for this purpose. Many thanks for the clue!
--
Dmitry Belyavskiy
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev