On Mar 2, 2008, at 2:19 PM, Phil Pennock wrote:

> On 2008-03-02 at 05:46 -0800, Joshua Juran wrote:
>> If ssh could just pick a free port and then set an environment variable
>> saying which one it was, that would be very cool, except of course for
>> allowing ANYONE ON THE REMOTE SYSTEM to connect to my forwarded port.
>> WTF!?  How about forwarding to a unix-domain socket?  Am I really the
>> first person to think of this?

> Hack-around: after picking the port, tell the host's packet filter to
> only allow outbound connections to 127.0.0.1 on that port by processes
> running as whichever users you want to have access.  It's foul and
> fragile and dependent upon you having "127.0.0.1 connections only from
> local-host" strong end-system enforcement filters; otherwise an attacker
> could use a host without 127.0.0.1 configured and a manual arp-table
> entry pointing at your host and connect, say, 192.0.2.42<->127.0.0.1;
> Unix-domain socket permissions would be much cleaner.

In other words, upon implementing this I'd immediately hate it. Thanks for validating the use of Unix-domain sockets, though.

> pf will let you restrict which user can make outbound connections to a
> particular ip/port (or can listen on a port for connections) and I
> believe that iptables has that support nowadays too.

You mean I have to be root?

I guess I'll just manually assign port numbers.  Or use nano.

Josh
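The contrast the thread is drawing, as an added example that is not part of the mailing-list message and not OpenSSH's own code (OpenSSH itself only gained Unix-domain socket forwarding in 6.7, years after this exchange): a listener on 127.0.0.1 can tell you nothing about which local user connected, only an address and an ephemeral port, whereas a Unix-domain socket sits behind filesystem permissions and, on Linux, exposes the peer's uid through SO_PEERCRED. The script is constructed for illustration; the socket name `fwd.sock`, the temporary directory, and the 0700/0600 modes are assumptions, and it connects to itself so it runs offline.

```python
import os
import socket
import stat
import struct
import tempfile


def make_private_unix_listener(sock_dir):
    """Bind a listening Unix-domain socket that only the owning user can reach.

    The directory is forced to 0700 and the socket file is created 0600 (via
    umask), so the kernel's path permission check turns other local users away
    before a connection ever exists.  Constructed example, not OpenSSH code.
    """
    os.chmod(sock_dir, 0o700)
    path = os.path.join(sock_dir, "fwd.sock")  # assumed name
    old_umask = os.umask(0o177)  # bind() creates the file as 0777 & ~umask = 0600
    try:
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)
        srv.listen(1)
    finally:
        os.umask(old_umask)
    return srv, path


def socket_mode(path):
    """Permission bits of the socket file, e.g. 0o600."""
    return stat.S_IMODE(os.stat(path).st_mode)


def peer_uid(conn):
    """uid of the process on the other end of an accepted Unix socket.

    Uses Linux's SO_PEERCRED; returns None on platforms that lack it (macOS
    exposes the same information under a different option, not handled here).
    """
    if not hasattr(socket, "SO_PEERCRED"):
        return None
    # struct ucred { pid_t pid; uid_t uid; gid_t gid; } -> three native ints
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("3i"))
    _pid, uid, _gid = struct.unpack("3i", raw)
    return uid


def unix_socket_demo():
    """Bind, connect as ourselves, and report modes plus the peer identity."""
    sock_dir = tempfile.mkdtemp(prefix="sshfwd-")  # mkdtemp already yields 0700
    srv, path = make_private_unix_listener(sock_dir)
    try:
        client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        client.connect(path)
        conn, _ = srv.accept()
        uid = peer_uid(conn)
        conn.close()
        client.close()
        return {
            "dir_mode": stat.S_IMODE(os.stat(sock_dir).st_mode),
            "sock_mode": socket_mode(path),
            "peer_uid": uid,
            "own_uid": os.getuid(),
        }
    finally:
        srv.close()
        os.unlink(path)
        os.rmdir(sock_dir)


def loopback_peer_identity():
    """Contrast case: a TCP forward on 127.0.0.1 learns only (address, port).

    No uid is available, which is exactly why any local user can reach a
    forwarded loopback port unless a packet filter adds an owner match.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: let the kernel pick a free port
    srv.listen(1)
    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client.connect(srv.getsockname())
    conn, peer = srv.accept()
    conn.close()
    client.close()
    srv.close()
    return peer  # ('127.0.0.1', <ephemeral port>) and nothing more


if __name__ == "__main__":
    print("unix socket:", unix_socket_demo())
    print("loopback tcp peer:", loopback_peer_identity())
```

The directory mode matters as much as the socket mode: a 0600 socket in a world-searchable directory still has its name visible, and some filesystems historically ignored socket file bits, so keeping the containing directory 0700 is the check that holds everywhere.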

