Date: Fri, 4 May 2001 13:20:54 +0300
From: Peter Pentchev <roam@orbitel.bg>
To: Brian Somers <brian@Awfulhak.org>
Cc: Archie Cobbs <archie@packetdesign.com>, freebsd-bugs@FreeBSD.ORG
Subject: Re: bin/26996: sshd fails when / mounted read-only
Message-ID: <20010504132054.I13382@ringworld.oblivion.bg>
In-Reply-To: <20010504131438.H13382@ringworld.oblivion.bg>; from roam@orbitel.bg on Fri, May 04, 2001 at 01:14:38PM +0300
References: <archie@packetdesign.com> <200105041010.f44AAYB29050@hak.lan.Awfulhak.org> <20010504131438.H13382@ringworld.oblivion.bg>

On Fri, May 04, 2001 at 01:14:38PM +0300, Peter Pentchev wrote:
> On Fri, May 04, 2001 at 11:10:34AM +0100, Brian Somers wrote:
> > > > > Also, how come e.g. telnetd doesn't have the same problem? If telnetd
> > > > > can work why can't sshd?
> > > >
> > > > Not immediately sure.
> > >
> > > ...so either telnetd has a security hole, or this bug can be fixed
> > > without lessening security. Either way, we should do something.. :-)
> > >
> > > It seems like it should be OK to leave the tty owned by root/wheel
> > > (if that's who owns it) because they are a secure user and group..?
> > > I.e., if either one is broken then you have larger security problems
> > > to worry about.
> >
> > I'd tend to agree. The reason the chown is desired is so that things
> > like mesg(1) work - but in a read-only environment I'd prefer to have
> > access with no messages than to have no access at all.
> >
> > Of course the problem goes away with devfs - that's why I never
> > complained about this before (despite it irritating me).
>
> Uhm.. Maybe I'm misunderstanding something here (I probably am, too :)
> The way I see things, it's like this:
>
> 1. initially: owned by root/wheel, mode rw-rw-rw-.
> 2. user login: mode changed to 600, so others cannot read/write to her tty;
> 3. owner changed to the user, so she can open her own tty.
>
> I think both steps 2 and 3 are needed - or at least, if 2 is done, 3 is
> vewwy-vewwy much needed :)

Actually hmm.. If the tty's mode is initially set to 600, then there would
only be a problem if the user needed to open her tty explicitly (instead
of using the /dev/tty abstraction). Can anyone think of a reason for that?

If not, then I guess all that's really needed is to set the tty mode to
something like root/tty 620 (to allow writes from setgid tty programs,
like write(1)), and teach login(1), sshd(8) and other login utilities
to not attempt chown/chmod's.

G'luck,
Peter

-- 
If I had finished this sentence,
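
The fallback discussed in this message, as an added example that is not part of the original e-mail or of any FreeBSD or OpenSSH source: a login utility tries the usual ownership and mode change and, when that fails with EROFS, proceeds only if the tty is already in a safe state. The names tty_state_acceptable and tty_prepare, the exact acceptance rule and the sample uid 1001 are assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed policy (hypothetical helper): the tty may be used as it stands
 * if it is owned by the user or by root, nobody but the owner can read
 * it, and "other" cannot write to it.  Group write stays allowed for a
 * setgid tty program such as write(1). */
bool tty_state_acceptable(uid_t owner, mode_t mode, uid_t user)
{
    if (owner != user && owner != 0)
        return false;
    return (mode & (S_IRGRP | S_IROTH | S_IWOTH)) == 0;
}

/* Hypothetical login-side wrapper working on the already opened tty.
 * It tries the usual fchown/fchmod; if the device node sits on a
 * read-only filesystem (EROFS) it falls back to the policy check instead
 * of refusing the login.  Returns 0 if the tty is usable, -1 otherwise. */
int tty_prepare(int fd, uid_t user, gid_t tty_gid, mode_t want)
{
    struct stat st;

    if (fstat(fd, &st) == -1)
        return -1;
    bool ok_as_is = tty_state_acceptable(st.st_uid, st.st_mode, user);
    if ((st.st_uid != user || st.st_gid != tty_gid) &&
        fchown(fd, user, tty_gid) == -1 && !(errno == EROFS && ok_as_is))
        return -1;
    if ((st.st_mode & 07777) != want &&
        fchmod(fd, want) == -1 && !(errno == EROFS && ok_as_is))
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed states from the thread; uid 1001 is a sample user. */
    printf("root 0666: %d\n", tty_state_acceptable(0, 0666, 1001));
    printf("root 0600: %d\n", tty_state_acceptable(0, 0600, 1001));
    printf("root 0620: %d\n", tty_state_acceptable(0, 0620, 1001));
    return 0;
}
```

Under this rule a root-owned tty left at rw-rw-rw- is rejected on a read-only /dev, while root-owned 600 or 620 is accepted; in the accepted case the user still cannot open the tty by its path, only through /dev/tty.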