[sslh] sslh-1.10 OS X issue and patch

Aaron Madlon-Kay aaron at madlon-kay.com
Sun Jan 1 07:33:59 CET 2012


[Resending message to list]

Hello Yves. Happy New Year and all that :)

I finally got around to testing 1.10 on my OS X server and found the following issue:

When sslh writes the /var/run/sslh.pid file it gets denied as follows:

----
$ sudo ./sslh-fork -f -v -u nobody -p 192.168.11.11:443 --ssh localhost:22 --ssl localhost:443
ssh addr: localhost:ssh. libwrap service: sshd family 30 30
ssl addr: localhost:https. libwrap service: (null) family 30 30
listening on:
	192.168.11.11:https
timeout to ssh: 2
listening to 1 addresses
turning into nobody
/var/run/sslh.pid: Permission denied
----

The program immediately exits after this. The issue can be avoided by specifying "-u root", but this seems undesirable. I tried changing the code to write the pid file before dropping privileges and it seems to work fine. Please see the attached patch.

Thanks,
Aaron Madlon-Kay

-------------- next part --------------
A non-text attachment was scrubbed...
Name: sslh-1.10-osxpatch.diff
Type: application/octet-stream
Size: 533 bytes
Desc: not available
URL: <http://rutschle.net/pipermail/sslh/attachments/20120101/627a7fec/attachment.obj>
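
The reordering described in the message (create the pid file while still root, then switch to the unprivileged user), as an added C example. It is not sslh source and not the attached patch; the function names `write_pid_file`, `drop_privileges` and `start_daemon` and the default path in `main` are assumptions.

```c
/* Added illustration: not sslh source, not the attached patch.
 * All function names here are hypothetical. */
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Create the pid file while still privileged. O_NOFOLLOW refuses a symlink
 * at the path; mode 0644 leaves the file writable by its owner only. */
int write_pid_file(const char *path, pid_t pid)
{
    char buf[32];
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0644);
    if (fd < 0) { perror(path); return -1; }
    int n = snprintf(buf, sizeof buf, "%ld\n", (long)pid);
    int ok = write(fd, buf, (size_t)n) == n;
    return (close(fd) == 0 && ok) ? 0 : -1;
}

/* Drop to an unprivileged user: supplementary groups, then gid, then uid.
 * Returns -1 if any step fails or if root can be regained afterwards. */
int drop_privileges(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (!pw) return -1;
    if (setgroups(1, &pw->pw_gid) != 0) return -1;
    if (setgid(pw->pw_gid) != 0) return -1;
    if (setuid(pw->pw_uid) != 0) return -1;
    if (pw->pw_uid != 0 && setuid(0) == 0) return -1;
    return 0;
}

/* Startup order: pid file first, then drop (skipped when not root). */
int start_daemon(const char *pidfile, const char *user)
{
    if (write_pid_file(pidfile, getpid()) != 0) return -1;
    if (geteuid() == 0 && drop_privileges(user) != 0) return -1;
    return 0;
}

int main(int argc, char **argv)
{
    const char *pidfile = argc > 1 ? argv[1] : "/tmp/example.pid";
    const char *user = argc > 2 ? argv[2] : "nobody";
    return start_daemon(pidfile, user) == 0 ? 0 : 1;
}
```

A pid file created this way stays owned by root, so the unprivileged process cannot remove it on exit; cleanup has to be done by whatever supervises the daemon.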

