4 files changed, 15 insertions, 17 deletions

diff --git a/misc.c b/misc.c
index 6b093f21b..ae4d29b84 100644
--- a/misc.c
+++ b/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.130 2018/07/18 11:34:04 dtucker Exp $ */
+/* $OpenBSD: misc.c,v 1.131 2018/07/27 05:13:02 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2005,2006 Damien Miller.  All rights reserved.
@@ -1576,15 +1576,6 @@ forward_equals(const struct Forward *a, const struct Forward *b)
         return 1;
 }
 
-/* returns 1 if bind to specified port by specified user is permitted */
-int
-bind_permitted(int port, uid_t uid)
-{
-        if (port < IPPORT_RESERVED && uid != 0)
-                return 0;
-        return 1;
-}
-
 /* returns 1 if process is already daemonized, 0 otherwise */
 int
 daemonized(void)
diff --git a/misc.h b/misc.h
index 837b005aa..6be289fd2 100644
--- a/misc.h
+++ b/misc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.73 2018/06/09 03:01:12 djm Exp $ */
+/* $OpenBSD: misc.h,v 1.74 2018/07/27 05:13:02 dtucker Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -31,7 +31,6 @@ struct Forward {
 };
 
 int forward_equals(const struct Forward *, const struct Forward *);
-int bind_permitted(int, uid_t);
 int daemonized(void);
 
 /* Common server and client forwarding options. */
diff --git a/readconf.c b/readconf.c
index ce832526a..d9b6e4cf9 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.294 2018/07/19 10:28:47 dtucker Exp $ */
+/* $OpenBSD: readconf.c,v 1.295 2018/07/27 05:13:02 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -323,9 +323,6 @@ add_local_forward(Options *options, const struct Forward *newfwd)
         extern uid_t original_real_uid;
         int i;
 
-        if (!bind_permitted(newfwd->listen_port, original_real_uid) &&
-            newfwd->listen_path == NULL)
-                fatal("Privileged ports can only be forwarded by root.");
         /* Don't add duplicates */
         for (i = 0; i < options->num_local_forwards; i++) {
                 if (forward_equals(newfwd, options->local_forwards + i))
diff --git a/serverloop.c b/serverloop.c
index cf18e387e..7be83e2d3 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: serverloop.c,v 1.208 2018/07/11 18:53:29 markus Exp $ */
+/* $OpenBSD: serverloop.c,v 1.209 2018/07/27 05:13:02 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -103,6 +103,17 @@ static void server_init_dispatch(void);
 /* requested tunnel forwarding interface(s), shared with session.c */
 char *tun_fwd_ifnames = NULL;
 
+/* returns 1 if bind to specified port by specified user is permitted */
+static int
+bind_permitted(int port, uid_t uid)
+{
+        if (use_privsep)
+                return 1; /* allow system to decide */
+        if (port < IPPORT_RESERVED && uid != 0)
+                return 0;
+        return 1;
+}
+
 /*
  * we write to this pipe if a SIGCHLD is caught in order to avoid
  * the race between select() and child_terminated