Date: Wed, 2 May 2001 19:00:03 -0700 (PDT)
From: Kris Kennaway <kris@obsecurity.org>
To: freebsd-bugs@FreeBSD.org
Subject: Re: bin/26996: sshd fails when / mounted read-only
Message-ID: <200105030200.f43203I20305@freefall.freebsd.org>

The following reply was made to PR bin/26996; it has been noted by GNATS.

From: Kris Kennaway <kris@obsecurity.org>
To: Archie Cobbs <archie@packetdesign.com>
Cc: Kris Kennaway <kris@obsecurity.org>, FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/26996: sshd fails when / mounted read-only
Date: Wed, 2 May 2001 18:57:38 -0700

On Wed, May 02, 2001 at 03:38:07PM -0700, Archie Cobbs wrote:
> Kris Kennaway wrote:
> > > This patch fixes the problem, but may cause other
> > > security problems (or may not, I'm not sure):
> >
> > In fact it does; if the ownership and permissions of pty devices isn't
> > changed it allows any other users on the system to read and write to
> > that pty, snooping passwords and the like. The real solution would be
> > to use devfs or mount your /dev on a MFS or something (with a minimal
> > static /dev on / to handle bootstrapping).
>
> So, how about a flag to sshd to make it allow this behavior with
> suitably strong warnings in the man page?

I'm not sure about this... our ssh code is already difficult enough to
update because of divergences. It would be up to Brian.

> Also, how come e.g. telnetd doesn't have the same problem? If telnetd
> can work why can't sshd?

Not immediately sure.

Kris
