Subject: Re: sshd and read-only filesystem
To: Christos Zoulas <firstname.lastname@example.org>
From: Emmanuel Dreyfus <email@example.com>
Date: 07/10/2001 22:01:33
> It is all historical remnants of old code. In the old days it was
> not considered so bad running on a tty you did not own, but now it
> is (and rightfully so). So old programs did not check, or checked
> and warned, newer ones check and exit. The largest concern there
> used to be TIOCSTI, but that is limited to the superuser in modern
> unixes. There of course other security problems accociated with
> not owning your tty....
But it is a pain to be unable to use sshd with a read-only filesystem.
You may want to setup a firewall or sniffer with the filesystem mounted
read-only and securelevel=2, or even with a read-only boot media (hard
disk write protected using a jumper, CDROM, or why not just an EPROM if
we are running on an embeded device?), so that if it is compromised you
remain absolutely certain that rebooting the system will bring back a
clean state. And it is usefull to be able to ssh to such a box, for
instance for running tcpdump, collecting statistics, or simply for
adding ipf rules.
Would there be a problem if we allow using a pty that you do not own if
it is owned by root? After all, the risk is that root snoops what you
are doing on your pty, but root can always snoop any pty, regardless who
is the owner, isn't it?