Date:      Mon, 30 Apr 2001 13:21:31 -0700 (PDT)
From:      Archie Cobbs <archie@packetdesign.com>
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   bin/26996: sshd fails when / mounted read-only
Message-ID:  <200104302021.f3UKLVK15344@bubba.packetdesign.com>


>Number:         26996
>Category:       bin
>Synopsis:       sshd fails when / mounted read-only
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Apr 30 13:30:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Archie Cobbs
>Release:        FreeBSD 4.3-RELEASE i386
>Organization:
Packet Design
>Environment:
System: FreeBSD bubba.packetdesign.com 4.3-RELEASE FreeBSD 4.3-RELEASE #0: Thu Apr 26 15:28:39 PDT 2001 root@bubba.packetdesign.com:/usr/obj/usr/src/sys/BUBBA i386

>Description:

	sshd will not allow login when the root filesystem is mounted
	read-only, because it tries to change user/group ownership of
	a file in /dev.

	Newer sshd handles this IF the uid and gid are already the same
	(see patch:

		http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/Attic/pty.c.diff?r1=1.16&r2=1.17

	)

	but this wouldn't fix the problem -- on my system, ssh'ing
	in as root causes the /dev/ttypX entry's user to be set to that
	of the user and its group to be changed from "wheel" to "tty".

>How-To-Repeat:

	- Take a FreeBSD 4.3 system.
	- Set "PermitRootLogin yes" in /etc/ssh/sshd_config
	- Enable/restart sshd
	- Mount the root filesystem read-only
	- Try to ssh login as root from another machine

	This happens to me when trying to login as root, but I'm
	pretty sure it will happen with any other user as well.

>Fix:

	This patch fixes the problem, but may cause other
	security problems (or may not, I'm not sure):

Index: crypto/openssh/pty.c
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/pty.c,v
retrieving revision 1.2.2.2
diff -u -r1.2.2.2 pty.c
--- crypto/openssh/pty.c	2000/10/28 23:00:49	1.2.2.2
+++ crypto/openssh/pty.c	2001/04/09 21:08:52
@@ -181,9 +181,13 @@
  pty_release(const char *ttyname)
  {
  	if (chown(ttyname, (uid_t) 0, (gid_t) 0) < 0)
-		error("chown %.100s 0 0 failed: %.100s", ttyname, 
strerror(errno));
+		if(errno != EROFS)
+			error("chown %.100s 0 0 failed: %.100s",
+			    ttyname, strerror(errno));
  	if (chmod(ttyname, (mode_t) 0666) < 0)
-		error("chmod %.100s 0666 failed: %.100s", ttyname, 
strerror(errno));
+		if(errno != EROFS)
+			error("chmod %.100s 0666 failed: %.100s",
+			    ttyname, strerror(errno));
  }

  /* Makes the tty the processes controlling tty and sets it to sane modes. */
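Review bot: the two new `if(errno != EROFS)` tests are nested under the preceding `if (chown(...) < 0)` and `if (chmod(...) < 0)` without braces, which is fragile (any `else` added later binds to the inner `if`) and the `if(` spacing does not match the `if (` style on the surrounding lines; wrap each pair in braces and add a one-line comment stating why EROFS is tolerated (on a read-only /dev nothing was changed, so the missing reset to 0:0 0666 is harmless). Since `error()` here, unlike the `fatal()` calls in the next hunk, does not abort, this hunk only silences a log line; a lower-severity log message instead of complete silence would keep a read-only /dev visible in the logs.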
@@ -272,9 +276,11 @@

  	/* Change ownership of the tty. */
  	if (chown(ttyname, pw->pw_uid, gid) < 0)
-		fatal("chown(%.100s, %d, %d) failed: %.100s",
-		    ttyname, pw->pw_uid, gid, strerror(errno));
+		if(errno != EROFS)
+			fatal("chown(%.100s, %d, %d) failed: %.100s",
+			    ttyname, pw->pw_uid, gid, strerror(errno));
  	if (chmod(ttyname, mode) < 0)
-		fatal("chmod(%.100s, 0%o) failed: %.100s",
-		    ttyname, mode, strerror(errno));
+		if(errno != EROFS)
+			fatal("chmod(%.100s, 0%o) failed: %.100s",
+			    ttyname, mode, strerror(errno));
  }
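Review bot: skipping `fatal()` on EROFS for `chown(ttyname, pw->pw_uid, gid)` lets the session continue with whatever owner, group and mode the tty node already has on the read-only /dev, so a node left owned by a previous user, or left at 0:0 0666 by `pty_release()`, is silently accepted and may be readable or writable by others. After an EROFS failure the code should `stat(ttyname, &st)` and still `fatal()` unless `st.st_uid == pw->pw_uid`, `st.st_gid == gid` and `(st.st_mode & 07777) == mode`, which is the "uid and gid are already the same" condition from the description and exactly what fails on the submitter's system, where the group changes from "wheel" to "tty". When chown hits EROFS the following `chmod(ttyname, mode)` will hit EROFS as well, so one stat-based verification covering uid, gid and mode can replace both special cases; brace the nested `if`s either way.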

>Release-Note:
>Audit-Trail:
>Unformatted:
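The "only if the uid and gid already match" behaviour that the description attributes to newer sshd, written out as an added example in C. This is neither the submitter's patch above nor OpenSSH's own code; the function names, the 0620 mode, and the temporary-file demonstration are assumptions made for illustration, and the demo runs against an ordinary file rather than a pty node.

```c
/*
 * Added example (not the submitter's patch and not OpenSSH's code):
 * tolerate EROFS from chown()/chmod() on a pty node only when the node
 * already has the owner, group and mode the session needs. Function
 * names, the 0620 mode and the temp-file demo are this example's own
 * assumptions.
 */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pure check: does the on-disk state already match what the session
 * needs? Only the permission bits of st_mode (mask 07777) are compared,
 * so the S_IFCHR type bits of a real tty node do not get in the way. */
int tty_state_acceptable(uid_t st_uid, gid_t st_gid, mode_t st_mode,
                         uid_t want_uid, gid_t want_gid, mode_t want_mode)
{
    return st_uid == want_uid && st_gid == want_gid &&
           (st_mode & 07777) == (want_mode & 07777);
}

/* Re-examine the node after an EROFS failure. Returns 0 when the
 * existing state is acceptable, -1 (errno = EROFS) when it is not. */
static int verify_after_erofs(const char *ttyname, uid_t uid, gid_t gid,
                              mode_t mode)
{
    struct stat st;
    if (stat(ttyname, &st) < 0)
        return -1;
    if (!tty_state_acceptable(st.st_uid, st.st_gid, st.st_mode,
                              uid, gid, mode)) {
        errno = EROFS;
        return -1;
    }
    return 0;
}

/* Hardened replacement for the chown+chmod sequence in a pty_setowner()
 * style function: 0 on success, -1 with errno set when the tty cannot
 * be made safe. A read-only filesystem is accepted only if the node is
 * already in the requested state. */
int set_tty_owner(const char *ttyname, uid_t uid, gid_t gid, mode_t mode)
{
    if (chown(ttyname, uid, gid) < 0) {
        if (errno != EROFS)
            return -1;
        /* chmod would fail with EROFS too, so verify everything now. */
        return verify_after_erofs(ttyname, uid, gid, mode);
    }
    if (chmod(ttyname, mode) < 0) {
        if (errno != EROFS)
            return -1;
        return verify_after_erofs(ttyname, uid, gid, mode);
    }
    return 0;
}

/* Self-contained demo on a writable temp file (constructed input, not a
 * real pty): requests our own uid/gid and mode 0620, then confirms the
 * result via stat(). Returns 0 on success, -1 on any failure. */
int demo_on_tempfile(void)
{
    char path[] = "/tmp/ttydemo.XXXXXX";
    struct stat st;
    int rc = -1;
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    if (set_tty_owner(path, getuid(), getgid(), 0620) == 0 &&
        stat(path, &st) == 0 &&
        tty_state_acceptable(st.st_uid, st.st_gid, st.st_mode,
                             getuid(), getgid(), 0620))
        rc = 0;
    close(fd);
    unlink(path);
    return rc;
}

int main(void)
{
    if (demo_on_tempfile() == 0)
        printf("temp node: owner/group/mode set as requested\n");
    else
        printf("temp node: failed: %s\n", strerror(errno));
    /* A missing node fails chown with ENOENT, which is never tolerated. */
    if (set_tty_owner("/nonexistent/ttyp0", 0, 0, 0620) < 0)
        printf("missing node: refused (%s)\n", strerror(errno));
    return 0;
}
```

In sshd the caller would pass pw->pw_uid, the gid of the "tty" group and the mode it already computed; the stat() after EROFS is what catches the case from the description, where the node on the read-only /dev still carries group "wheel" and a bare EROFS suppression would let the login proceed anyway.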
