
curl-library

Re: Binding socks port in test suite

From: Dan Fandrich <dan_at_coneharvesters.com>
Date: Mon, 26 Nov 2007 13:02:40 -0800

On Mon, Nov 26, 2007 at 08:03:31PM +0100, Yang Tse wrote:
> And since our curl_ssh_config file does not specify the GatewayPorts
> option, its default value is 'no' which prevents remote hosts from
> connecting to forwarded ports.
>
> This is my reasoning to state that I don't think that the change
> introduces a security problem.

I haven't tried it recently, but my recollection was that the port was
not bound to a particular address. It could have been that I tried it on
a machine with GatewayPorts yes configured.

> Even though, explicit "GatewayPorts no" could be added to
> curl_ssh_config. But it should make no difference if it works as
> documented.

It would be safer to add it to make it explicit, and in case someone
has compiled ssh to use GatewayPorts yes as the default.

> Of course experimental facts override docs :-) So let's gather some...
>
> Can you actually connect from another machine to the socksport and do
> something ? Is it really wide open ?

I just tried it again on a couple of machines and also watched it running
in the test suite, and it is indeed working as you say--safely.

>>> Dan

-- 
http://www.MoveAnnouncer.com              The web change of address service
          Let webmasters know that your web site has moved
Received on 2007-11-26
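
The check discussed in this thread, as an added example that is not part of the original mail or of curl's test suite: a Python audit of ssh_config-style text that reports whether GatewayPorts is set explicitly and which DynamicForward ports would listen beyond loopback. The sample config, port 9013 and the `compiled_default` parameter are constructed assumptions, and Host/Match scoping is ignored (the file is treated as flat).

```python
import ipaddress

# Constructed sample, NOT curl's real curl_ssh_config; port 9013 is made up.
SAMPLE = "Host *\n  DynamicForward 9013\n"

def parse_options(text):
    """Return (GatewayPorts value or None, list of DynamicForward specs)."""
    gateway, forwards = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)  # "Key value" or "Key=value"
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().lower()
        if key == "gatewayports" and gateway is None:  # first value obtained wins
            gateway = value
        elif key == "dynamicforward":
            forwards.append(value)
    return gateway, forwards

def split_bind(spec):
    """Split '[bind_address:]port' (also 'addr/port', '[v6]:port') into (addr, port)."""
    if "/" in spec:
        addr, _, port = spec.rpartition("/")
    elif spec.startswith("["):
        addr, _, port = spec[1:].partition("]:")
    elif ":" in spec:
        addr, _, port = spec.rpartition(":")
    else:
        return None, int(spec)  # no bind address: GatewayPorts decides
    return addr, int(port)

def is_loopback(addr):
    try:
        return addr == "localhost" or ipaddress.ip_address(addr).is_loopback
    except ValueError:  # "" and "*" mean all interfaces
        return False

def audit(text, compiled_default="no"):
    """compiled_default is an assumed parameter modelling a non-standard ssh build."""
    gateway, forwards = parse_options(text)
    effective = gateway or compiled_default
    exposed = [port for addr, port in map(split_bind, forwards)
               if (effective == "yes" if addr is None else not is_loopback(addr))]
    return {"gateway_explicit": gateway is not None, "exposed": exposed}
```

With the constructed sample, `audit(SAMPLE)` reports no exposed port but `gateway_explicit` is false, which is the case where adding an explicit "GatewayPorts no" guards against a build whose default differs.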