Post

Replies

Boosts

Views

Activity

Reply to Binding on priviledged ports on macOS
I ran into one specific case where it's desirable to bind a specific IP address rather than a named interface: qemu's hostfwd option. Specifically, qemu's hostfwd option only permits two alternatives when specifying the host address to bind to: Bind to a specific IP address (e.g. 127.0.0.1) Omit the host address, which defaults to binding 0.0.0.0 (a.k.a. INADDR_ANY / *) Notably, you cannot bind to a network interface name like localhost when using qemu's hostfwd option so Quinn's suggested workaround of specifying a network interface name does not work here. Only the latter option of binding 0.0.0.0 works for unprivileged users. This means that currently there is not a good way for an unprivileged user to run a qemu VM on macOS that you can ssh into from the host. Ideally, you'd like to specify a hostfwd rule of the form hostfwd=tcp:127.0.0.1:22-:22 so that the SSH port is only available to the host (on 127.0.0.1), but macOS currently forbids binding to 127.0.0.1:22 for unprivileged users. To work around this you have to instead specify hostfwd=tcp::22-:22, which binds to 0.0.0.0 on the host, but that is undesirable because it will ask the user if they want to open the firewall (because it is attempting to gratuitously bind on all public network interfaces). In the best case scenario the user is knowledgeable enough to deny the firewall open request (since it's not necessary to open the firewall to connect on localhost). In the worst case scenario the user accepts the prompt to open the firewall and now the VM's ssh port is now public and reachable from any machine that can connect to the user's machine. So I'd like to request generalizing the feature so that privileged ports can be bound by unprivileged users even for specific IP addresses. I can open a separate issue if necessary to track that request.
Jan ’23