Re: Binding socks port in test suite
Date: Mon, 26 Nov 2007 13:02:40 -0800
On Mon, Nov 26, 2007 at 08:03:31PM +0100, Yang Tse wrote:
> And since our curl_ssh_config file does not specify the GatewayPorts
> option, its default value is 'no' which prevents remote hosts from
> connecting to forwarded ports.
> This is my reasoning to state that I don't think that the change
> introduces a security problem.
I haven't tried it recently, but my recollection was that the port was
not bound to a particular address. It could have been I tried it on
a machine with GatewayPorts yes configured.
> Even though, explicit "GatewayPorts no" could be added to
> curl_ssh_config. But it should make no difference if it works as
It would be safer to add it to make it explicit, and in case someone
has compiled ssh to use GatewayPorts yes as the default.
> Of course experimental facts override docs :-) So let's gather some...
> Can you actually connect from another machine to the socksport and do
> something ? Is it really wide open ?
I just tried it again on a couple of machines and also watched it running
in the test suite it is indeed working as you say--safely.
-- http://www.MoveAnnouncer.com The web change of address service Let webmasters know that your web site has movedReceived on 2007-11-26