[5084] in bugtraq
SSH LocalForward
daemon@ATHENA.MIT.EDU (Kristof Van Damme)
Sat Aug 2 18:11:58 1997
Date: Sat, 2 Aug 1997 16:33:51 +0200
Reply-To: Kristof Van Damme <aeneas@sesuadra.org>
From: Kristof Van Damme <aeneas@SESUADRA.ORG>
X-To: ssh-bugs@cs.hut.fi
To: BUGTRAQ@NETSPACE.ORG
Hi,
I bumped into a weird 'feature' of ssh 1.2.20. When I run:
ssh -L 80:remotehost:80 remotehost
as a normal user I get the expected error:
Privileged ports can only be forwarded by root.
But when I put:
LocalForward 80 remotehost:80
in my ~/.ssh/config file and connect to the remote host I don't get the
error and port 80 is opened on the localhost (an httpd was not running,
the port must be available). When I connect to it I get a normal
redirection to remotehost:80 over the secure channel. This means however
that a non-root user is able to open privileged ports on the localhost and
redirect them. Is this normal? I checked it on Linux and Solaris.
Aeneas
----------------------------------------------------------------------
|Kristof Van Damme |
|System Administrator |
|e-mail: aeneas@sesuadra.org |
|voice: +32 9 3558603 |
----------------------------------------------------------------------
