curl-library
Re: Binding socks port in test suite
Date: Mon, 26 Nov 2007 13:02:40 -0800
On Mon, Nov 26, 2007 at 08:03:31PM +0100, Yang Tse wrote:
> And since our curl_ssh_config file does not specify the GatewayPorts
> option, its default value is 'no' which prevents remote hosts from
> connecting to forwarded ports.
>
> This is my reasoning to state that I don't think that the change
> introduces a security problem.
I haven't tried it recently, but my recollection was that the port was
not bound to a particular address. It could have been I tried it on
a machine with GatewayPorts yes configured.
> Even though, explicit "GatewayPorts no" could be added to
> curl_ssh_config. But it should make no difference if it works as
> documented.
It would be safer to add it to make it explicit, and in case someone
has compiled ssh to use GatewayPorts yes as the default.
> Of course experimental facts override docs :-) So let's gather some...
>
> Can you actually connect from another machine to the socksport and do
> something ? Is it really wide open ?
I just tried it again on a couple of machines and also watched it running
in the test suite it is indeed working as you say--safely.
>>> Dan
-- http://www.MoveAnnouncer.com The web change of address service Let webmasters know that your web site has movedReceived on 2007-11-26