Re: Is there socksify script for dynamics forwardings to unix domain sockets?

On Wed, Feb 21, 2018 at 4:59 PM Damien Miller <djm@xxxxxxxxxxx> wrote:

> On Wed, 21 Feb 2018, Jö Fahlke wrote:
>
> > Am Di, 20. Feb 2018, 23:13:16 -0800 schrieb Dan Kaminsky:
> > > Date: Tue, 20 Feb 2018 23:13:16 -0800
> > > From: Dan Kaminsky <dan@xxxxxxxxxxx>
> > > To: Jö Fahlke <jorrit@xxxxxxxxx>
> > > Cc: openssh-unix-dev@xxxxxxxxxxx
> > > Subject: Re: Is there socksify script for dynamics forwardings to unix
> > >  domain sockets?
> > >
> > > Whoa.  That's pretty cool.
> > >
> > > Empirically, how well do LD_PRELOAD scripts work in grabbing all socket
> > > calls?
> >
> > Good point, I did not check that before, so I tried now (with tsocks on Debian
> > stretch and the "ssh -D" socks port on a random port on localhost) and got
> > mixed results.  Generally, anything name-lookup related does not seem to work
> > and I have to use IP addresses.
>
> Yeah, IMO it would be better to write a small userspace NAT helper e.g.
> using IPPROTO_DIVERT that proxied things via SOCKS (assuming someone
> hasn't already done this).
>
> -d


There’s a couple strategies I’ve been looking at for other reasons
(universal TLS on all sockets, mainly). Seccomp trapping, expanding of the
preload to DNS calls, using some other security hooks. Will report back.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



