Date: Wed, 2 May 2001 15:20:03 -0700 (PDT)
From: Kris Kennaway <kris@obsecurity.org>
To: freebsd-bugs@FreeBSD.org
Subject: Re: bin/26996: sshd fails when / mounted read-only
Message-ID: <200105022220.f42MK3k95093@freefall.freebsd.org>

The following reply was made to PR bin/26996; it has been noted by GNATS.

From: Kris Kennaway <kris@obsecurity.org>
To: Archie Cobbs <archie@packetdesign.com>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/26996: sshd fails when / mounted read-only
Date: Wed, 2 May 2001 15:11:21 -0700

On Mon, Apr 30, 2001 at 01:21:31PM -0700, Archie Cobbs wrote:
> This patch fixes the problem, but may cause other
> security problems (or may not, I'm not sure):

In fact it does; if the ownership and permissions of pty devices aren't changed it allows any other users on the system to read and write to that pty, snooping passwords and the like.

The real solution would be to use devfs or mount your /dev on a MFS or something (with a minimal static /dev on / to handle bootstrapping).

Kris