Subject: Re: sshd and read-only filesystem
To: None <>
From: Christos Zoulas <>
List: tech-security
Date: 07/09/2001 22:53:49
In article <1eway3e.y8x1yfsh3ud6M@[]>,
Emmanuel Dreyfus <> wrote:

It is all historical remnants of old code. In the old days it was
not considered so bad running on a tty you did not own, but now it
is (and rightfully so). So old programs did not check, or checked
and warned, newer ones check and exit. The largest concern there
used to be TIOCSTI, but that is limited to the superuser in modern
unixes. There of course other security problems accociated with
not owning your tty....


>When /dev is read-only, sshd will refuse to log you in with an
>interactive shell (you can still run remote commands "ssh
> ls").
>The problem is that it cannot chown the pty device to the ssh user, and
>this is a fatal error. I patched sshd so that this error is not fatal
>anymore, and it works fine.
>What are the security implications of running on a pty that is onwned by
>someone else? Would it be okay to allow using a pty that is not owned by
>the ssh user but by root instead? (that way if you want a read-only
>/dev, you just chown root tty* before going read-only)
>And login is able to log an user on a system with /dev read-only. Why
>doesn't it has the same problem than sshd? Did we forget handling this
>in login, or do we have to too strict checking in sshd?
>Emmanuel Dreyfus.
>Si la reponse est NT, c'est probablement 
>que vous n'avez pas compris la question.