Date: Fri, 4 May 2001 08:51:33 +0300
From: Peter Pentchev <roam@orbitel.bg>
To: Archie Cobbs <archie@packetdesign.com>
Cc: freebsd-bugs@FreeBSD.org
Subject: Re: bin/26996: sshd fails when / mounted read-only
Message-ID: <20010504085133.A13382@ringworld.oblivion.bg>
In-Reply-To: <200105032310.f43NA3Y03814@freefall.freebsd.org>; from archie@packetdesign.com on Thu, May 03, 2001 at 04:10:03PM -0700
References: <200105032310.f43NA3Y03814@freefall.freebsd.org>

On Thu, May 03, 2001 at 04:10:03PM -0700, Archie Cobbs wrote:
> The following reply was made to PR bin/26996; it has been noted by GNATS.
>
> From: Archie Cobbs <archie@packetdesign.com>
> To: Kris Kennaway <kris@obsecurity.org>
> Cc: FreeBSD-gnats-submit@FreeBSD.ORG
> Subject: Re: bin/26996: sshd fails when / mounted read-only
> Date: Thu, 03 May 2001 16:00:40 -0700
>
> Kris Kennaway wrote:
> > > Kris Kennaway wrote:
> > > > > This patch fixes the problem, but may cause other
> > > > > security problems (or may not, I'm not sure):
> > > >
> > > > In fact it does; if the ownership and permissions of pty devices isn't
> > > > changed it allows any other users on the system to read and write to
> > > > that pty, snooping passwords and the like. The real solution would be
> > > > to use devfs or mount your /dev on a MFS or something (with a minimal
> > > > static /dev on / to handle bootstrapping).
> > >
> > > So, how about a flag to sshd to make it allow this behavior with
> > > suitably strong warnings in the man page?
> >
> > I'm not sure about this..our ssh code is already difficult enough to
> > update because of divergences. It would be up to Brian.
> >
> > > Also, how come e.g. telnetd doesn't have the same problem? If telnetd
> > > can work why can't sshd?
> >
> > Not immediately sure.
>
> ...so either telnetd has a security hole, or this bug can be fixed
> without lessening security. Either way, we should do something.. :-)
>
> It seems like it should be OK to leave the tty owned by root/wheel
> (if that's who owns it) because they are a secure user and group..?
> I.e., if either one is broken then you have larger security problems
> to worry about.

It's not just ownership; the permissions have to be changed from the
default 666, and once you change them, you had better change the owner,
too, so the logged-in user can actually use his tty..

Actually, telnetd does have the same weakness: on a read-only filesystem,
it leaves it to login(1) to change the tty owner/mode, and login(1) fails,
with just a syslog'd message. The user *is* logged in, but everyone can
open his tty for reading and writing. The difference is that sshd refuses
to even let the user log in.

G'luck,
Peter

--
Nostalgia ain't what it used to be.
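
Added example, not part of the original message and not code from sshd, telnetd or login(1): a C sketch of the check this thread turns on, classifying a session tty as exposed (still readable or writable by "other", as with the default 666) or unusable by the logged-in user, and reporting that state when the chown/chmod fails instead of only logging it. The names tty_audit, tty_secure and the TTY_* flags are hypothetical, and group permission bits are ignored as a simplifying assumption.

```c
#define _DEFAULT_SOURCE 1  /* glibc: declare fchown/fchmod under strict -std */
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

/* Finding flags; all names here are hypothetical, chosen for this example. */
#define TTY_OK       0
#define TTY_EXPOSED  1  /* "other" may read or write the tty (e.g. mode 666) */
#define TTY_UNUSABLE 2  /* session user has no read+write access to its tty */

/* Classify a tty's stat data for a session running as uid.
 * Assumption: group bits are ignored (user is not in the tty's group). */
int tty_audit(const struct stat *st, uid_t uid)
{
    const mode_t other_rw = S_IROTH | S_IWOTH, owner_rw = S_IRUSR | S_IWUSR;
    int findings = TTY_OK;
    int by_owner = st->st_uid == uid && (st->st_mode & owner_rw) == owner_rw;
    int by_other = (st->st_mode & other_rw) == other_rw;

    if (st->st_mode & other_rw)
        findings |= TTY_EXPOSED;
    if (!by_owner && !by_other)
        findings |= TTY_UNUSABLE;
    return findings;
}

/* Hand the tty to the user. If fchown/fchmod fail (EROFS when /dev sits on a
 * read-only filesystem), report the state the tty was left in instead of
 * only logging the error. Returns -1 if the tty cannot even be inspected. */
int tty_secure(int fd, uid_t uid, gid_t gid, mode_t mode)
{
    struct stat st;

    if (fchown(fd, uid, gid) == 0 && fchmod(fd, mode) == 0)
        return TTY_OK;
    if (fstat(fd, &st) != 0)
        return -1;
    return tty_audit(&st, uid);   /* nonzero: caller should refuse the session */
}

int main(void)
{
    struct stat st;

    if (fstat(STDIN_FILENO, &st) != 0)
        return 1;
    printf("stdin tty findings: %d\n", tty_audit(&st, getuid()));
    return 0;
}
```

A root-owned tty left at 666 reports TTY_EXPOSED, and a root-owned tty at 600 reports TTY_UNUSABLE, which are the two halves of the ownership-and-mode point made in the reply.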