Subject: sshd and read-only filesystem
To: None <>
From: Emmanuel Dreyfus <>
List: tech-security
Date: 07/09/2001 23:56:13
When /dev is read-only, sshd will refuse to log you in with an
interactive shell (you can still run remote commands "ssh ls").

The problem is that it cannot chown the pty device to the ssh user, and
this is a fatal error. I patched sshd so that this error is not fatal
anymore, and it works fine.

What are the security implications of running on a pty that is onwned by
someone else? Would it be okay to allow using a pty that is not owned by
the ssh user but by root instead? (that way if you want a read-only
/dev, you just chown root tty* before going read-only)

And login is able to log an user on a system with /dev read-only. Why
doesn't it has the same problem than sshd? Did we forget handling this
in login, or do we have to too strict checking in sshd?

Emmanuel Dreyfus.
Si la reponse est NT, c'est probablement 
que vous n'avez pas compris la question.