From owner-freebsd-bugs  Fri May  4  3:22:48 2001
Delivered-To: freebsd-bugs@freebsd.org
Received: from ringworld.nanolink.com (ringworld.nanolink.com [195.24.48.13])
	by hub.freebsd.org (Postfix) with SMTP id 221D337B422
	for ; Fri, 4 May 2001 03:22:45 -0700 (PDT)
	(envelope-from roam@orbitel.bg)
Received: (qmail 17632 invoked by uid 1000); 4 May 2001 10:20:54 -0000
Date: Fri, 4 May 2001 13:20:54 +0300
From: Peter Pentchev
To: Brian Somers
Cc: Archie Cobbs, freebsd-bugs@FreeBSD.ORG
Subject: Re: bin/26996: sshd fails when / mounted read-only
Message-ID: <20010504132054.I13382@ringworld.oblivion.bg>
Mail-Followup-To: Brian Somers, Archie Cobbs, freebsd-bugs@FreeBSD.ORG
References: <200105041010.f44AAYB29050@hak.lan.Awfulhak.org> <20010504131438.H13382@ringworld.oblivion.bg>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010504131438.H13382@ringworld.oblivion.bg>; from roam@orbitel.bg on Fri, May 04, 2001 at 01:14:38PM +0300
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, May 04, 2001 at 01:14:38PM +0300, Peter Pentchev wrote:
> On Fri, May 04, 2001 at 11:10:34AM +0100, Brian Somers wrote:
> > > > > Also, how come e.g. telnetd doesn't have the same problem? If telnetd
> > > > > can work why can't sshd?
> > > > 
> > > > Not immediately sure.
> > > 
> > > ...so either telnetd has a security hole, or this bug can be fixed
> > > without lessening security. Either way, we should do something.. :-)
> > > 
> > > It seems like it should be OK to leave the tty owned by root/wheel
> > > (if that's who owns it) because they are a secure user and group..?
> > > I.e., if either one is broken then you have larger security problems
> > > to worry about.
> > 
> > I'd tend to agree. The reason the chown is desired is so that things
> > like mesg(1) work - but in a read-only environment I'd prefer to have
> > access with no messages than to have no access at all.
> > 
> > Of course the problem goes away with devfs - that's why I never
> > complained about this before (despite it irritating me).
> 
> Uhm.. Maybe I'm misunderstanding something here (I probably am, too :)
> The way I see things, it's like this:
> 
> 1. initially: owned by root/wheel, mode rw-rw-rw-.
> 2. user login: mode changed to 600, so others cannot read/write to her tty;
> 3. owner changed to the user, so she can open her own tty.
> 
> I think both steps 2 and 3 are needed - or at least, if 2 is done, 3 is
> vewwy-vewwy much needed :)

Actually hmm.. If the tty's mode is initially set to 600, then there would
only be a problem if the user needed to open her tty explicitly (instead of
using the /dev/tty abstraction). Can anyone think of a reason for that?

If not, then I guess all that's really needed is to set the tty mode to
something like root/tty 620 (to allow writes from setgid tty programs, like
write(1)), and teach login(1), sshd(8) and other login utilities to not
attempt chown/chmod's.

G'luck,
Peter

-- 
If I had finished this sentence,