From owner-freebsd-bugs Mon Apr 30 13:30:25 2001
Message-Id: <200104302021.f3UKLVK15344@bubba.packetdesign.com>
Date: Mon, 30 Apr 2001 13:21:31 -0700 (PDT)
From: Archie Cobbs
Reply-To: archie@packetdesign.com
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.113
Subject: bin/26996: sshd fails when / mounted read-only
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 26996
>Category: bin
>Synopsis: sshd fails when / mounted read-only
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Apr 30 13:30:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: Archie Cobbs
>Release: FreeBSD 4.3-RELEASE i386
>Organization: Packet Design

>Environment:
System: FreeBSD bubba.packetdesign.com 4.3-RELEASE FreeBSD 4.3-RELEASE #0: Thu Apr 26 15:28:39 PDT 2001 root@bubba.packetdesign.com:/usr/obj/usr/src/sys/BUBBA i386

>Description:
sshd will not allow login when the root filesystem is mounted read-only, because it tries to change user/group ownership of a file in /dev.

Newer sshd handles this IF the uid and gid are already the same (see patch: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/Attic/pty.c.diff?r1=1.16&r2=1.17 ) but this wouldn't fix the problem -- on my system, ssh'ing in as root causes the /dev/ttypX entry's user to be that of the user and group to be changed from "wheel" to "tty".

>How-To-Repeat:
- Take a FreeBSD 4.3 system.
- Set "PermitRootLogin yes" in /etc/ssh/sshd_config
- Enable/restart sshd
- Mount the root filesystem read-only
- Try to ssh login as root from another machine

This happens to me when trying to login as root, but I'm pretty sure it will happen with any other user as well.
>Fix:
This patch fixes the problem, but may cause other security problems (or may not, I'm not sure):

Index: crypto/openssh/pty.c =================================================================== RCS file: /home/ncvs/src/crypto/openssh/pty.c,v retrieving revision 1.2.2.2 diff -u -r1.2.2.2 pty.c --- crypto/openssh/pty.c 2000/10/28 23:00:49 1.2.2.2 +++ crypto/openssh/pty.c 2001/04/09 21:08:52 @@ -181,9 +181,13 @@ pty_release(const char *ttyname) { if (chown(ttyname, (uid_t) 0, (gid_t) 0) < 0) - error("chown %.100s 0 0 failed: %.100s", ttyname, strerror(errno)); + if(errno != EROFS) + error("chown %.100s 0 0 failed: %.100s", + ttyname, strerror(errno)); if (chmod(ttyname, (mode_t) 0666) < 0) - error("chmod %.100s 0666 failed: %.100s", ttyname, strerror(errno)); + if(errno != EROFS) + error("chmod %.100s 0666 failed: %.100s", + ttyname, strerror(errno)); } /* Makes the tty the processes controlling tty and sets it to sane modes. */ @@ -272,9 +276,11 @@ /* Change ownership of the tty. */ if (chown(ttyname, pw->pw_uid, gid) < 0) - fatal("chown(%.100s, %d, %d) failed: %.100s", - ttyname, pw->pw_uid, gid, strerror(errno)); + if(errno != EROFS) + fatal("chown(%.100s, %d, %d) failed: %.100s", + ttyname, pw->pw_uid, gid, strerror(errno)); if (chmod(ttyname, mode) < 0) - fatal("chmod(%.100s, 0%o) failed: %.100s", - ttyname, mode, strerror(errno)); + if(errno != EROFS) + fatal("chmod(%.100s, 0%o) failed: %.100s", + ttyname, mode, strerror(errno)); }

>Release-Note:
>Audit-Trail:
>Unformatted:
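Review bot: in the pty_release hunk (@@ -181,9 +181,13 @@), swallowing the chown/chmod failure whenever errno is EROFS leaves the released tty with whatever owner and mode the finished session had, and nothing is logged or recorded that the reset to 0:0 and 0666 did not happen. On the same read-only /dev the next pty_setowner will not be able to change it either, so a later user can be handed a tty still owned by the previous one. Instead of ignoring the error, stat() ttyname after an EROFS failure and stay quiet only when it already reports uid 0, gid 0 and mode 0666 (the values the two calls were trying to set); otherwise keep the error(). Style: `+ if(errno != EROFS)` nested under an unbraced `if (chown(...) < 0)` needs braces and a space after `if` to match the surrounding code.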
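Review bot: in the pty_setowner hunk (@@ -272,9 +276,11 @@), turning fatal() into a no-op on EROFS lets the login continue on a tty whose owner and mode were never changed; on a read-only / that device keeps whatever pty_release last set, i.e. root:wheel and 0666, so the session tty stays readable and writable by every local user while the Description says the intent is user:tty with the restricted mode. Accept the EROFS case only when a stat() of ttyname already shows pw->pw_uid, gid and mode, which is the approach the OpenBSD pty.c r1.17 change referenced in the Description takes for the uid/gid part, and otherwise keep the fatal(). The nested `+ if(errno != EROFS)` lines also need braces and a space after `if`.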
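The situation the PR describes, chown()/chmod() of a /dev entry failing with EROFS because / is mounted read-only, can be handled without silently accepting a tty that belongs to someone else. The program below is an added example written for this page; it is not code from the PR, from OpenSSH or from FreeBSD. The names readonly_ok, tty_set_owner and demo_on_tempfile are hypothetical, and the temporary file it creates is a constructed stand-in for a /dev/ttypX node. EROFS is tolerated only when the file already carries exactly the requested owner, group and permission bits; any other errno, or any mismatch, is treated as a failure the caller must not ignore.

```c
/* Added example, not part of the PR or of OpenSSH/FreeBSD. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum { TTY_OK = 0, TTY_ALREADY = 1, TTY_FAIL = -1 };

/*
 * Policy decision, kept free of syscalls so it can be tested directly:
 * a chown/chmod failure may be ignored only if it was EROFS *and* the
 * device already has the wanted owner, group and permission bits.
 * have_mode may carry file-type bits from st_mode; only the low 12 bits
 * are compared.
 */
int readonly_ok(int err, uid_t have_uid, gid_t have_gid, mode_t have_mode,
                uid_t want_uid, gid_t want_gid, mode_t want_mode)
{
    if (err != EROFS)
        return 0;
    return have_uid == want_uid && have_gid == want_gid &&
           (have_mode & 07777) == (want_mode & 07777);
}

/*
 * Apply owner and mode to a tty path. Returns TTY_OK when the change was
 * made, TTY_ALREADY when the filesystem is read-only but the node already
 * matches, and TTY_FAIL otherwise (the caller should then refuse the tty).
 */
int tty_set_owner(const char *path, uid_t uid, gid_t gid, mode_t mode)
{
    struct stat st;
    int err;

    if (chown(path, uid, gid) == 0 && chmod(path, mode) == 0)
        return TTY_OK;
    err = errno;                       /* preserve the failing call's errno */
    if (stat(path, &st) == 0 &&
        readonly_ok(err, st.st_uid, st.st_gid, st.st_mode, uid, gid, mode))
        return TTY_ALREADY;
    fprintf(stderr, "chown/chmod %.100s failed: %.100s\n", path, strerror(err));
    return TTY_FAIL;
}

/*
 * Self-check on a constructed temporary file (a stand-in for a pty node).
 * The file's own uid/gid are re-applied so an unprivileged caller can run
 * this; on a writable filesystem the result must be TTY_OK.
 */
int demo_on_tempfile(void)
{
    char path[64];
    struct stat st;
    int fd, r;

    snprintf(path, sizeof path, "/tmp/ttydemo.%ld", (long)getpid());
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return TTY_FAIL;
    close(fd);
    if (stat(path, &st) < 0) {
        unlink(path);
        return TTY_FAIL;
    }
    r = tty_set_owner(path, st.st_uid, st.st_gid, 0620);
    unlink(path);
    return r;
}

int main(void)
{
    printf("writable file:           %d\n", demo_on_tempfile());
    printf("EROFS, node matches:     %d\n",
           readonly_ok(EROFS, 1001, 4, 0100620, 1001, 4, 0620));
    printf("EROFS, node is 0:0 0666: %d\n",
           readonly_ok(EROFS, 0, 0, 0666, 1001, 4, 0620));
    printf("EPERM, node matches:     %d\n",
           readonly_ok(EPERM, 1001, 4, 0620, 1001, 4, 0620));
    return 0;
}
```

Separating the decision from the syscalls is what makes the read-only case checkable: the third call above is exactly the state the PR's Description reports (root:wheel, world-writable after pty_release), and it is rejected even though the errno was EROFS, whereas the patch in the PR would let that login proceed.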