From: Emmanuel Dreyfus (manu netbsd.org)
Date: Mon Jul 09 2001 - 16:56:13 CDT
When /dev is read-only, sshd will refuse to log you in with an
interactive shell (you can still run remote commands "ssh
somewhere.over-the-rainbow.com ls").
The problem is that it cannot chown the pty device to the ssh user, and
this is a fatal error. I patched sshd so that this error is not fatal
anymore, and it works fine.
What are the security implications of running on a pty that is owned by
someone else? Would it be okay to allow using a pty that is not owned by
the ssh user but by root instead? (that way if you want a read-only
/dev, you just chown root tty* before going read-only)
And login is able to log a user in on a system with /dev read-only. Why
doesn't it have the same problem as sshd? Did we forget handling this
in login, or do we have too strict checking in sshd?
--
Emmanuel Dreyfus.
If the answer is NT, you probably did not understand the question.
manunetbsd.org