Date: Fri, 04 May 2001 11:13:01 +0100 From: Brian Somers <brian@Awfulhak.org> To: Peter Pentchev <roam@orbitel.bg> Cc: Archie Cobbs <archie@packetdesign.com>, freebsd-bugs@FreeBSD.ORG, brian@Awfulhak.org Subject: Re: bin/26996: sshd fails when / mounted read-only Message-ID: <200105041013.f44AD1B29165@hak.lan.Awfulhak.org> In-Reply-To: Message from Peter Pentchev <roam@orbitel.bg> of "Fri, 04 May 2001 08:51:33 %2B0300." <20010504085133.A13382@ringworld.oblivion.bg>
next in thread | previous in thread | raw e-mail | index | archive | help
> > It seems like it should be OK to leave the tty owned by root/wheel > > (if that's who owns it) because they are a secure user and group..? > > I.e., if either one is broken then you have larger security problems > > to worry about. > > It's not just ownership; the permissions have to be changed from > the default 666, and once you change them, you had better change > the owner, too, so the logged-in user can actually use his tty.. > > Actually, telnetd does have the same weakness: on a read-only filesystem, > it leaves it to login(1) to change the tty owner/mode, and login(1) fails, > with just a syslog'd message. The user *is* logged in, but everyone > can open his tty for reading and writing. The difference is that > sshd refuses to even let the user log in. Perhaps pty permissions should default to root:wheel/600 ? > G'luck, > Peter > > -- > Nostalgia ain't what it used to be. -- Brian <brian@Awfulhak.org> <brian@[uk.]FreeBSD.org> <http://www.Awfulhak.org> <brian@[uk.]OpenBSD.org> Don't _EVER_ lose your sense of humour ! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200105041013.f44AD1B29165>