-rw-r--r-- | misc.c | 11 | ||||
-rw-r--r-- | misc.h | 3 | ||||
-rw-r--r-- | readconf.c | 5 | ||||
-rw-r--r-- | serverloop.c | 13 |
4 files changed, 15 insertions, 17 deletions
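--- a/misc.c
+++ b/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.130 2018/07/18 11:34:04 dtucker Exp $ */
+/* $OpenBSD: misc.c,v 1.131 2018/07/27 05:13:02 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  * Copyright (c) 2005,2006 Damien Miller. All rights reserved.
@@ -1576,15 +1576,6 @@ forward_equals(const struct Forward *a, const struct Forward *b)
 	return 1;
 }
 
-/* returns 1 if bind to specified port by specified user is permitted */
-int
-bind_permitted(int port, uid_t uid)
-{
-	if (port < IPPORT_RESERVED && uid != 0)
-		return 0;
-	return 1;
-}
-
 /* returns 1 if process is already daemonized, 0 otherwise */
 int
 daemonized(void)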
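--- a/misc.h
+++ b/misc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.73 2018/06/09 03:01:12 djm Exp $ */
+/* $OpenBSD: misc.h,v 1.74 2018/07/27 05:13:02 dtucker Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -31,7 +31,6 @@ struct Forward {
 };
 
 int forward_equals(const struct Forward *, const struct Forward *);
-int bind_permitted(int, uid_t);
 int daemonized(void);
 
 /* Common server and client forwarding options. */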
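diff --git a/readconf.c b/readconf.c
index ce832526a..d9b6e4cf9 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.294 2018/07/19 10:28:47 dtucker Exp $ */
+/* $OpenBSD: readconf.c,v 1.295 2018/07/27 05:13:02 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -323,9 +323,6 @@ add_local_forward(Options *options, const struct Forward *newfwd)
 	extern uid_t original_real_uid;
 	int i;
 
-	if (!bind_permitted(newfwd->listen_port, original_real_uid) &&
-	    newfwd->listen_path == NULL)
-		fatal("Privileged ports can only be forwarded by root.");
 	/* Don't add duplicates */
 	for (i = 0; i < options->num_local_forwards; i++) {
 		if (forward_equals(newfwd, options->local_forwards + i))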
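diff --git a/serverloop.c b/serverloop.c
index cf18e387e..7be83e2d3 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: serverloop.c,v 1.208 2018/07/11 18:53:29 markus Exp $ */
+/* $OpenBSD: serverloop.c,v 1.209 2018/07/27 05:13:02 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -103,6 +103,17 @@ static void server_init_dispatch(void);
 /* requested tunnel forwarding interface(s), shared with session.c */
 char *tun_fwd_ifnames = NULL;
 
+/* returns 1 if bind to specified port by specified user is permitted */
+static int
+bind_permitted(int port, uid_t uid)
+{
+	if (use_privsep)
+		return 1; /* allow system to decide */
+	if (port < IPPORT_RESERVED && uid != 0)
+		return 0;
+	return 1;
+}
+
 /*
  * we write to this pipe if a SIGCHLD is caught in order to avoid
  * the race between select() and child_terminated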
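Review bot: The new `bind_permitted` in serverloop.c returns 1 unconditionally whenever `use_privsep` is set, and the only explanation is the terse `/* allow system to decide */`, which does not say what "the system" is relied upon to do or why the `uid != 0` test below is still kept. Presumably the bind for a remote forward is performed by the post-authentication process running with the authenticated user's credentials, so the kernel's privileged-port rule (or a platform capability such as CAP_NET_BIND_SERVICE, where one is granted) is the real control there, and the explicit uid check only matters on the non-privsep path where sshd itself would bind as root; that is a security property worth stating rather than leaving implied. Suggest a header comment in place of the one-liner, e.g. `/* Under privsep the bind happens in the unprivileged post-auth process as the user, so the kernel enforces the low-port policy; the uid check below only applies when sshd (as root) performs the bind itself. */`. The caller is outside this hunk, so whether `port` is range-checked before reaching the `port < IPPORT_RESERVED` comparison cannot be confirmed from here.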