chisel

mirror of https://github.com/jpillora/chisel synced 2024-10-18 07:52:18 +00:00

History

Eric Sunshine a11a3dd2dd server: add reverse port forwarding restrictions Although reverse port forwarding (sharing client ports with the server) should not generally leak any resources from the server to the client, the facility may nevertheless be abused if the client is able to open a server port which is otherwise meant for some other purpose on the server. (This might happen, for instance, if a service on the server has crashed or becomes somehow disabled, thus freeing the port which would otherwise be occupied by the service.) To mitigate such potential abuse, disable reverse port forwarding by default and introduce server option --reverse to enable it explicitly. Additionally, subject reverse port forwarding remotes to server-side --authfile restrictions (for instance, "^R:0.0.0.0:7000$").	2018-12-23 16:25:45 -05:00
..
users.json	server: add reverse port forwarding restrictions	2018-12-23 16:25:45 -05:00

Eric Sunshine a11a3dd2dd server: add reverse port forwarding restrictions

Although reverse port forwarding (sharing client ports with the server)
should not generally leak any resources from the server to the client,
the facility may nevertheless be abused if the client is able to open a
server port which is otherwise meant for some other purpose on the
server. (This might happen, for instance, if a service on the server has
crashed or becomes somehow disabled, thus freeing the port which would
otherwise be occupied by the service.)

To mitigate such potential abuse, disable reverse port forwarding by
default and introduce server option --reverse to enable it explicitly.
Additionally, subject reverse port forwarding remotes to server-side
--authfile restrictions (for instance, "^R:0.0.0.0:7000$").

2018-12-23 16:25:45 -05:00

users.json

server: add reverse port forwarding restrictions

2018-12-23 16:25:45 -05:00