James E. Pace writes:
|
| I rebuilt -current on Friday, and OpenSSH does not work through a
| SOCKS firewall.
|
| In my make.conf, I have "USE_SOCKS= YES", which is used in the
| ports/security/ssh port.
As mentioned, we have ssh in the base system, so you are picking that up.
Another alternative is to remove the setuid bits from /usr/bin/ssh and
then do a "runsocks ssh". LD_PRELOAD in FreeBSD does not work on
setuid binaries. This is a security feature. Solaris lets you do
a LD_PRELOAD on setuid binaries if the library is from /usr/lib. So
on Solaris if the libsocks_sh.so was in /usr/lib then LD_PRELOAD of
it would work on setuid binaries like ssh and it would just work
without recompiling/linking.
However, now that Dante is available and has BSD licensing we could
include it in the base OS. Yes it is bloat, but then people could
sysinstall behind a Socks firewall and things like ssh etc could be
linked to it. There are things I like and don't like with Dante but
it is a pretty good package and has a better license.
I could do the work if deemed useful. I don't want to maintain
my own branch and we use the Nec implementation here so I don't
want to be bouncing between them for no good reason.
Doug A.
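
An added example, not part of the original message: a shell check for the situation described above, where a preload-based wrapper such as runsocks has no effect because the target binary is setuid. The function name `preload_status` and its output words are invented for this illustration, and it inspects only the file mode bits.

```shell
#!/bin/sh
# Added illustration: report whether an LD_PRELOAD-based wrapper (the
# mechanism the message attributes to runsocks) can take effect for a
# command. preload_status and its output words are hypothetical names.
# Assumption: the FreeBSD behaviour described in the message, where the
# runtime linker drops LD_PRELOAD for set-id binaries. Systems that allow
# preloads from trusted directories (the message mentions Solaris) are
# not modelled here.

preload_status() {
    target=$1
    # Accept either an explicit path or a command name found via PATH.
    case $target in
        */*) path=$target ;;
        *)   path=$(command -v "$target" 2>/dev/null) || path= ;;
    esac

    # Builtins and unknown names do not resolve to a regular file.
    if [ -z "$path" ] || [ ! -f "$path" ]; then
        echo "missing"
        return 2
    fi

    # -u tests the setuid bit, -g the setgid bit.
    if [ -u "$path" ] || [ -g "$path" ]; then
        echo "ignored"
        return 1
    fi

    echo "honored"
    return 0
}

# Stand-alone use: sh preload_check.sh /usr/bin/ssh /usr/bin/ftp
for cmd in "$@"; do
    printf '%s: LD_PRELOAD %s\n' "$cmd" "$(preload_status "$cmd")"
done
```
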