
[Bug 2846] PermitOpen rule in sshd_config is not case insensitive
https://bugzilla.mindrot.org/show_bug.cgi?id=2846

Damien Miller <djm@mindrot.org> changed:

What   |Removed |Added
----------------------------------------------------------------------------
Blocks |3302    |

--- Comment #12 from Damien Miller <djm@mindrot.org> ---
Actually, this is really fiddly to do properly.

We can't reliably roundtrip through getaddrinfo/getnameinfo because the
PermitOpen directives may refer to addresses scoped to interfaces that
may happen not to be available at the time of sshd_config parsing (e.g.
some sort of ephemeral tunnel interface). Attempting to scrub these
addresses this way could cause them to be incorrectly rejected.

So a better heuristic would be to detect the hostname case (i.e. not
path and not address) and only lowercase those. We'd also need to do
the same to hostnames coming in for forwarding requests, subject to
similar rules.


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=3302
[Bug 3302] Tracking bug for openssh-8.7
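
The heuristic from comment #12, sketched as an added example (not OpenSSH code; all function names are hypothetical, and treating a leading '/' as a path is an assumption). Hosts are classified by string parsing alone, so a scoped address whose interface is absent is still recognised as an address, and only hostnames are lowercased, on both the PermitOpen side and the forwarding-request side.

```c
/* Added example, not OpenSSH source; every name here is hypothetical. */
#include <arpa/inet.h>
#include <ctype.h>
#include <stdio.h>
#include <string.h>
enum host_kind { HOST_PATH, HOST_ADDR, HOST_NAME };

/* Classify by string parsing only: no getaddrinfo(), no interface lookup. */
enum host_kind classify_host(const char *host)
{
	unsigned char buf[16];			/* room for an IPv6 address */
	char tmp[INET6_ADDRSTRLEN];
	size_t len = strcspn(host, "%");	/* "%scope" is cut off, never resolved */
	if (host[0] == '/')
		return HOST_PATH;		/* assumption: socket paths start with '/' */
	if (inet_pton(AF_INET, host, buf) == 1)
		return HOST_ADDR;
	if (len < sizeof(tmp)) {
		memcpy(tmp, host, len);
		tmp[len] = '\0';
		if (inet_pton(AF_INET6, tmp, buf) == 1)
			return HOST_ADDR;
	}
	return HOST_NAME;
}

/* Lowercase in place only when the string is a hostname; return its kind. */
enum host_kind canon_host(char *host)
{
	enum host_kind kind = classify_host(host);
	for (char *p = host; kind == HOST_NAME && *p != '\0'; p++)
		*p = (char)tolower((unsigned char)*p);
	return kind;
}

/* Canonicalise the PermitOpen host and the requested host, then compare. */
int host_permitted(char *rule, char *request)
{
	canon_host(rule);
	canon_host(request);
	return strcmp(rule, request) == 0;
}

int main(void)
{
	char rule[] = "Example.COM", req[] = "example.com";	/* constructed */
	printf("%s\n", host_permitted(rule, req) ? "permit" : "deny");
	return 0;
}
```

Addresses and paths pass through byte-for-byte, so a path rule still matches case-sensitively.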