Date:      Wed, 2 May 2001 15:40:05 -0700 (PDT)
From:      Archie Cobbs <archie@packetdesign.com>
To:        freebsd-bugs@FreeBSD.org
Subject:   Re: bin/26996: sshd fails when / mounted read-only
Message-ID:  <200105022240.f42Me5L96431@freefall.freebsd.org>

The following reply was made to PR bin/26996; it has been noted by GNATS.

From: Archie Cobbs <archie@packetdesign.com>
To: Kris Kennaway <kris@obsecurity.org>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/26996: sshd fails when / mounted read-only
Date: Wed, 02 May 2001 15:38:07 -0700

 Kris Kennaway wrote:
 > >       This patch fixes the problem, but may cause other
 > >       security problems (or may not, I'm not sure):
 > 
 > In fact it does; if the ownership and permissions of pty devices aren't
 > changed it allows any other users on the system to read and write to
 > that pty, snooping passwords and the like.  The real solution would be
 > to use devfs or mount your /dev on an MFS or something (with a minimal
 > static /dev on / to handle bootstrapping).
 
 So, how about a flag to sshd to make it allow this behavior with
 suitably strong warnings in the man page?
 
 Also, how come e.g. telnetd doesn't have the same problem? If telnetd
 can work why can't sshd?
 
 -Archie
  
 __________________________________________________________________________
 Archie Cobbs     *     Packet Design     *     http://www.packetdesign.com
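
Added example, not part of the original message and not sshd's code: the pty ownership and mode check that the quoted reply turns on, written so that a device node which cannot be changed (for instance on a read-only /dev) is accepted only if it is already safe. The names tty_policy and tty_secure, the 0620 target mode and the use of the caller's gid as the tty group are assumptions made for this illustration.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical names. Policy assumed here: the session user owns the node,
 * nobody else may read it, and "other" may not write to it. */
enum tty_verdict { TTY_OK, TTY_WRONG_OWNER, TTY_OTHERS_CAN_READ, TTY_WORLD_WRITABLE };

/* Pure policy decision on a node's owner and mode bits. */
enum tty_verdict tty_policy(uid_t owner, mode_t mode, uid_t session_uid)
{
    if (owner != session_uid)
        return TTY_WRONG_OWNER;          /* previous user or root still owns it */
    if (mode & (S_IRGRP | S_IROTH))
        return TTY_OTHERS_CAN_READ;      /* other users could read the session */
    if (mode & S_IWOTH)
        return TTY_WORLD_WRITABLE;       /* other users could write to the terminal */
    return TTY_OK;
}

/* Returns 0 if the node is safe to hand to session_uid, -1 otherwise.
 * Writes to the node only when needed, so an already-safe node passes
 * even where chown/chmod would fail with EROFS. */
int tty_secure(const char *path, uid_t session_uid, gid_t tty_gid)
{
    struct stat st;

    if (stat(path, &st) == -1)
        return -1;
    if (tty_policy(st.st_uid, st.st_mode, session_uid) == TTY_OK)
        return 0;
    if (chown(path, session_uid, tty_gid) == -1 ||
        chmod(path, S_IRUSR | S_IWUSR | S_IWGRP) == -1) {
        perror(path);                    /* e.g. EROFS: refuse, do not continue */
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s /dev/ttyXX\n", argv[0]);
        return 2;
    }
    return tty_secure(argv[1], getuid(), getgid()) == 0 ? 0 : 1;
}
```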
