Date: Thu, 3 May 2001 16:10:03 -0700 (PDT)
From: Archie Cobbs <archie@packetdesign.com>
To: freebsd-bugs@FreeBSD.org
Subject: Re: bin/26996: sshd fails when / mounted read-only
Message-ID: <200105032310.f43NA3Y03814@freefall.freebsd.org>
The following reply was made to PR bin/26996; it has been noted by GNATS.

From: Archie Cobbs <archie@packetdesign.com>
To: Kris Kennaway <kris@obsecurity.org>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/26996: sshd fails when / mounted read-only
Date: Thu, 03 May 2001 16:00:40 -0700

Kris Kennaway wrote:
> > Kris Kennaway wrote:
> > > > This patch fixes the problem, but may cause other
> > > > security problems (or may not, I'm not sure):
> > >
> > > In fact it does; if the ownership and permissions of pty devices aren't
> > > changed it allows any other users on the system to read and write to
> > > that pty, snooping passwords and the like. The real solution would be
> > > to use devfs or mount your /dev on a MFS or something (with a minimal
> > > static /dev on / to handle bootstrapping).
> >
> > So, how about a flag to sshd to make it allow this behavior with
> > suitably strong warnings in the man page?
>
> I'm not sure about this.. our ssh code is already difficult enough to
> update because of divergences. It would be up to Brian.
>
> > Also, how come e.g. telnetd doesn't have the same problem? If telnetd
> > can work why can't sshd?
>
> Not immediately sure.

...so either telnetd has a security hole, or this bug can be fixed
without lessening security. Either way, we should do something.. :-)

It seems like it should be OK to leave the tty owned by root/wheel (if
that's who owns it) because they are a secure user and group..? I.e.,
if either one is broken then you have larger security problems to
worry about.

-Archie

__________________________________________________________________________
Archie Cobbs * Packet Design * http://www.packetdesign.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200105032310.f43NA3Y03814>
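The thread turns on one check: after sshd allocates a pty, is the slave device private to the user logging in, or can other local users read and write it? The program below is an added example (not code from the PR, from FreeBSD or from OpenSSH) that allocates a pty, tries to set the ownership and mode sshd normally sets (owned by the user, group tty, mode 0620, or 0600 if there is no tty group), reports EROFS explicitly instead of silently continuing when /dev is read-only, and then audits the resulting device. The policy function is separate from the stat() call so it can be exercised on constructed struct stat values. It assumes a POSIX system with posix_openpt() and a group named "tty"; the group name and the exact mode bits are the assumptions here.

```c
/* pty_audit.c: is a pty slave private to the logging-in user?
 * Added example; not code from PR bin/26996, FreeBSD or OpenSSH. */
#define _XOPEN_SOURCE 600
#define _DEFAULT_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Policy (assumed to mirror what sshd sets up): the slave must be owned by
 * uid; nothing for "other"; for "group" at most the write bit, and only
 * when the group is the tty group (so write(1)/wall can still reach the
 * terminal).  Anything more lets other local users snoop or inject
 * keystrokes, which is the concern raised in the thread.
 * Returns 1 if private, 0 if exposed. */
int pty_is_private(const struct stat *st, uid_t uid, gid_t tty_gid)
{
    mode_t perm = st->st_mode & 07777;
    if (st->st_uid != uid)
        return 0;
    if (perm & S_IRWXO)                 /* world read/write/exec */
        return 0;
    if (perm & (S_IRGRP | S_IXGRP))     /* group may never read */
        return 0;
    if ((perm & S_IWGRP) && st->st_gid != tty_gid)
        return 0;                       /* group-write only for tty group */
    return 1;
}

/* stat() the device and apply the policy: 1 private, 0 exposed, -1 on error. */
int audit_pty(const char *path, uid_t uid, gid_t tty_gid)
{
    struct stat st;
    if (stat(path, &st) < 0)
        return -1;
    return pty_is_private(&st, uid, tty_gid);
}

/* Set the ownership/mode sshd would set.  Returns 0 on success or the errno
 * of the failing call; on a read-only /dev that is EROFS, which is the
 * failure the PR reports.  The "tty" group name is an assumption. */
int set_pty_owner(const char *path, uid_t uid, gid_t user_gid)
{
    struct group *gr = getgrnam("tty");
    gid_t gid = gr ? gr->gr_gid : user_gid;
    mode_t mode = gr ? (S_IRUSR | S_IWUSR | S_IWGRP) : (S_IRUSR | S_IWUSR);
    if (chown(path, uid, gid) < 0)
        return errno;
    if (chmod(path, mode) < 0)
        return errno;
    return 0;
}

int main(void)
{
    int master = posix_openpt(O_RDWR | O_NOCTTY);
    if (master < 0) { perror("posix_openpt"); return 1; }
    if (grantpt(master) < 0 || unlockpt(master) < 0) { perror("grantpt"); return 1; }
    const char *slave = ptsname(master);
    if (slave == NULL) { perror("ptsname"); return 1; }

    struct group *gr = getgrnam("tty");
    gid_t tty_gid = gr ? gr->gr_gid : getgid();

    int rc = set_pty_owner(slave, getuid(), getgid());
    if (rc == EROFS)
        printf("%s: /dev is read-only, cannot chown/chmod; device is %s\n", slave,
               audit_pty(slave, getuid(), tty_gid) == 1 ? "private anyway"
                                                        : "EXPOSED to other users");
    else if (rc != 0)
        printf("%s: chown/chmod failed: %s\n", slave, strerror(rc));

    printf("%s: %s\n", slave,
           audit_pty(slave, getuid(), tty_gid) == 1 ? "private to this user"
                                                    : "readable/writable by others");
    close(master);
    return 0;
}
```

Run it as the user who would be logging in; if the chown step reports EROFS and the audit still says "private anyway", the device already carried a safe owner and mode (the root/wheel case Archie raises), whereas "EXPOSED" is the snooping scenario Kris describes.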