Subject: Re: sshd and read-only filesystem
To: None <>
From: Michael Richardson <>
List: tech-security
Date: 07/14/2001 20:31:50
>>>>> "Emmanuel" == Emmanuel Dreyfus <> writes:
    Emmanuel> But it is a pain to be unable to use sshd with a read-only
    Emmanuel> filesystem.

    Emmanuel> Would there be a problem if we allow using a pty that you do
    Emmanuel> not own if it is owned by root? After all, the risk is that
    Emmanuel> root snoops what you are doing on your pty, but root can always
    Emmanuel> snoop any pty, regardless who is the owner, isn't it?

  I think that this is reasonable.

  Historically, the SSH client also complains a lot if you are running from
a floppy-disk boot, since it can't find stuff in /etc/passwd, etc.. Booting
from floppy/cdrom to do:

     ssh -l myid myserver dd if=/dev/rst0 | (cd /mnt; restore -if - )

  From a security point of view, it would be simpler if one could even run
"sshd -D" from the floppy/cdrom boot in a way that simply asked:
      "X @ Y wants to run "cd /mnt; restore -if -" (y/n)

  This means that the backup server never has to allow password logins at

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [