Date:      Fri, 04 May 2001 11:10:34 +0100
From:      Brian Somers <brian@Awfulhak.org>
To:        Archie Cobbs <archie@packetdesign.com>
Cc:        freebsd-bugs@FreeBSD.ORG, brian@Awfulhak.org
Subject:   Re: bin/26996: sshd fails when / mounted read-only 
Message-ID:  <200105041010.f44AAYB29050@hak.lan.Awfulhak.org>
In-Reply-To: Message from Archie Cobbs <archie@packetdesign.com>  of "Thu, 03 May 2001 16:10:03 PDT." <200105032310.f43NA3Y03814@freefall.freebsd.org> 


>  > > Also, how come e.g. telnetd doesn't have the same problem? If telnetd
>  > > can work why can't sshd?
>  > 
>  > Not immediately sure.
>  
>  ...so either telnetd has a security hole, or this bug can be fixed
>  without lessening security. Either way, we should do something.. :-)
>  
>  It seems like it should be OK to leave the tty owned by root/wheel
>  (if that's who owns it) because they are a secure user and group..?
>  I.e., if either one is broken then you have larger security problems
>  to worry about.

I'd tend to agree.  The reason the chown is desired is so that things 
like mesg(1) work - but in a read-only environment I'd prefer to have 
access with no messages than to have no access at all.

Of course the problem goes away with devfs - that's why I never 
complained about this before (despite it irritating me).

>  -Archie
>  
>  __________________________________________________________________________
>  Archie Cobbs     *     Packet Design     *     http://www.packetdesign.com

-- 
Brian <brian@Awfulhak.org>                        <brian@[uk.]FreeBSD.org>
      <http://www.Awfulhak.org>                    <brian@[uk.]OpenBSD.org>
Don't _EVER_ lose your sense of humour !
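
The fallback discussed in this thread, written out as an added example (it is not sshd or telnetd source, and not code from either poster): when chown(2) on the tty fails only because the filesystem is read-only, the login continues if the tty already belongs to the user or to root, and any other failure or owner stays fatal. The names `tty_chown_verdict`, `tty_set_owner` and the uid values are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum tty_verdict { TTY_OK, TTY_OK_NO_MESG, TTY_REFUSE };

/* Pure decision. chown_errno is errno from chown(2), or 0 if it succeeded;
 * cur_uid is the tty's current owner as reported by stat(2). */
enum tty_verdict tty_chown_verdict(int chown_errno, uid_t cur_uid, uid_t login_uid)
{
    if (chown_errno == 0)
        return TTY_OK;             /* normal case: user now owns the tty */
    if (chown_errno != EROFS)
        return TTY_REFUSE;         /* EPERM, ENOENT, ...: still fatal */
    if (cur_uid == login_uid)
        return TTY_OK;             /* already the user's; mesg(1) works */
    if (cur_uid == 0)
        return TTY_OK_NO_MESG;     /* root-owned: access, but no mesg(1) */
    return TTY_REFUSE;             /* another user's tty: never hand it over */
}

/* Hypothetical wrapper: attempt the chown, then apply the decision above. */
enum tty_verdict tty_set_owner(const char *tty, uid_t uid, gid_t gid)
{
    struct stat st;
    int err;

    if (chown(tty, uid, gid) == 0)
        return TTY_OK;
    err = errno;                   /* save before stat(2) can overwrite it */
    if (stat(tty, &st) == -1)
        return TTY_REFUSE;
    return tty_chown_verdict(err, st.st_uid, uid);
}

int main(void)
{
    /* Constructed cases: login uid 1001, chown failing with EROFS. */
    printf("root-owned tty:  %d\n", tty_chown_verdict(EROFS, 0, 1001));
    printf("user-owned tty:  %d\n", tty_chown_verdict(EROFS, 1001, 1001));
    printf("other-owned tty: %d\n", tty_chown_verdict(EROFS, 1002, 1001));
    printf("EPERM on chown:  %d\n", tty_chown_verdict(EPERM, 0, 1001));
    return 0;
}
```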


