[Bug 2846] PermitOpen rule in sshd_config is not case insensitive

Damien Miller changed:

What    |Removed |Added
Blocks  |3302    |

--- Comment #12 from Damien Miller ---
Actually, this is really fiddly to do properly.

We can't reliably roundtrip through getaddrinfo/getnameinfo because the
PermitOpen directives may refer to addresses scoped to interfaces that
may happen not to be available at the time of sshd_config parsing (e.g.
some sort of ephemeral tunnel interface). Attempting to scrub these
addresses this way could cause them to be incorrectly rejected.

So a better heuristic would be to detect the hostname case (i.e. not
path and not address) and only lowercase those. We'd also need to do
the same to hostnames coming in for forwarding requests, subject to
similar rules.

Referenced Bugs:
[Bug 3302] Tracking bug for openssh-8.7
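The heuristic described in comment #12, sketched as an added example (not OpenSSH code, and not part of the original message): a target is lowercased only when it is neither a path nor an address literal, and no resolver call is made, so a scoped address whose interface is currently absent is still recognised. The names `classify_target` and `normalize_target` are hypothetical; the sketch assumes the host part has already been split from the port and that paths begin with `/`.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

enum target_kind { TARGET_PATH, TARGET_ADDRESS, TARGET_HOSTNAME };

/* Classify a forwarding target with no resolver call. The "%scope" suffix is
 * cut off before parsing, so the named interface need not exist right now. */
static enum target_kind classify_target(const char *host)
{
    char buf[INET6_ADDRSTRLEN];
    unsigned char addr[sizeof(struct in6_addr)];
    size_t len = strcspn(host, "%");

    if (host[0] == '/')          /* assumption: paths are absolute */
        return TARGET_PATH;
    if (len >= sizeof(buf))      /* too long for any address literal */
        return TARGET_HOSTNAME;
    memcpy(buf, host, len);
    buf[len] = '\0';
    if (host[len] == '\0' && inet_pton(AF_INET, buf, addr) == 1)
        return TARGET_ADDRESS;
    if (inet_pton(AF_INET6, buf, addr) == 1)
        return TARGET_ADDRESS;   /* scoped or unscoped IPv6 literal */
    return TARGET_HOSTNAME;
}

/* Lowercase in place only when the target is a hostname; return its kind. */
static enum target_kind normalize_target(char *host)
{
    enum target_kind kind = classify_target(host);

    if (kind == TARGET_HOSTNAME)
        for (char *p = host; *p != '\0'; p++)
            *p = (char)tolower((unsigned char)*p);
    return kind;
}

int main(void)
{
    /* Constructed sample targets, host part only (port already split off). */
    char samples[][32] = { "Example.COM", "/var/run/App.sock",
                           "FE80::1%Tun0", "192.0.2.10" };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        enum target_kind kind = normalize_target(samples[i]);
        printf("%d %s\n", (int)kind, samples[i]);
    }
    return 0;
}
```

For the comparison to be consistent, the same normalization would run on both the configured PermitOpen values and the hostnames arriving in forwarding requests, as the comment notes.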