James E. Pace writes:
| 
| I rebuilt -current on Friday, and OpenSSH does not work through a
| SOCKS firewall.
| 
| In my make.conf, I have "USE_SOCKS= YES", which is used in the
| ports/security/ssh port.

As mentioned, we have ssh in the base system, so you are picking that up.
Another alternative is to remove the setuid bits from /usr/bin/ssh and
then do a "runsocks ssh".  LD_PRELOAD in FreeBSD does not work on
setuid binaries.  This is a security feature.  Solaris lets you do
an LD_PRELOAD on setuid binaries if the library is from /usr/lib.  So
on Solaris if the libsocks_sh.so was in /usr/lib then LD_PRELOAD of
it would work on setuid binaries like ssh and it would just work
without recompiling/linking.

However, now that Dante is available and has BSD licensing we could
include it in the base OS.  Yes it is bloat, but then people could 
sysinstall behind a Socks firewall and things like ssh etc could be
linked to it.  There are things I like and don't like with Dante but
it is a pretty good package and has a better license.

I could do the work if deemed useful.  I don't want to maintain
my own branch and we use the NEC implementation here so I don't
want to be bouncing between them for no good reason.

Doug A.
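
Added example, not part of the original message: a shell check for whether a preload-based wrapper such as runsocks can take effect on a given binary, using the rule stated above that LD_PRELOAD is not applied to setuid binaries. The function names are hypothetical, the demo files are constructed, and treating setgid the same as setuid is a conservative assumption.

```shell
#!/bin/sh
# Added example: decide whether LD_PRELOAD-style wrapping can apply to a binary.
# Assumption (conservative): any set-user-ID or set-group-ID bit on the file
# means the runtime linker will discard LD_PRELOAD for that program.

# preload_status FILE -> prints "honored", "ignored" or "missing"
preload_status() {
    if [ ! -e "$1" ]; then
        echo missing
    elif [ -u "$1" ] || [ -g "$1" ]; then
        echo ignored
    else
        echo honored
    fi
}

# audit_preload FILE... -> one status line per file; returns 1 if any file
# is not "honored", so it can gate a wrapper script.
audit_preload() {
    rc=0
    for f in "$@"; do
        s=$(preload_status "$f")
        printf '%-8s %s\n' "$s" "$f"
        [ "$s" = honored ] || rc=1
    done
    return "$rc"
}

# Demo on constructed files in a scratch directory (no system binaries touched).
demo() {
    dir=$(mktemp -d) || return 1
    : > "$dir/plain-client"
    : > "$dir/setuid-client"
    chmod 0755 "$dir/plain-client"
    chmod 4755 "$dir/setuid-client"   # same mode class as a setuid ssh
    audit_preload "$dir/plain-client" "$dir/setuid-client" || true
    rm -rf "$dir"
}

demo
```

Pointing `audit_preload` at the real client binary before relying on a preload wrapper shows up front whether the wrapper will be silently skipped.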

