diff options
| author |   dtucker <dtucker@openbsd.org> | 2018-07-27 05:13:02 +0000 |
|---|---|---|
| committer | dtucker <dtucker@openbsd.org> | 2018-07-27 05:13:02 +0000 |
| commit | d867cf751373e6d8b41f67604b8bc5ca5ddba8c7 (patch) | |
| tree | 5ed5a966b6275dc066137f09ed058a1bb3bba200 /usr.bin/ssh/readconf.c | |
| parent | hds arrays can have more ports now, apparently; this lets theo use 4 paths (diff) | |
| download | wireguard-openbsd-d867cf751373e6d8b41f67604b8bc5ca5ddba8c7.tar.xz wireguard-openbsd-d867cf751373e6d8b41f67604b8bc5ca5ddba8c7.zip | |
Remove uid checks from low port binds. Now that ssh cannot be
setuid and sshd always has privsep on, we can remove the uid checks
for low port binds and just let the system do the check. We leave
a sanity check for the !privsep case so long as the code is stil
there. with & ok djm@
Diffstat (limited to 'usr.bin/ssh/readconf.c')
| -rw-r--r-- | usr.bin/ssh/readconf.c | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c index 6b5a4183e2a..bfe60f2ddfd 100644 --- a/usr.bin/ssh/readconf.c +++ b/usr.bin/ssh/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.294 2018/07/19 10:28:47 dtucker Exp $ */ +/* $OpenBSD: readconf.c,v 1.295 2018/07/27 05:13:02 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -308,9 +308,6 @@ add_local_forward(Options *options, const struct Forward *newfwd) extern uid_t original_real_uid; int i; - if (!bind_permitted(newfwd->listen_port, original_real_uid) && - newfwd->listen_path == NULL) - fatal("Privileged ports can only be forwarded by root."); /* Don't add duplicates */ for (i = 0; i < options->num_local_forwards; i++) { if (forward_equals(newfwd, options->local_forwards + i)) |