Subject: Re: default /dev/tty* mode and ownership
To: Emmanuel Dreyfus <manu@netbsd.org>
From: None <itojun@iijlab.net>
List: tech-userlevel
Date: 07/29/2001 12:37:08
>Still about the sshd running on a read-only /dev: sshd now accepts to
>log in if the tty is owned by root and the filesystem is read-only.
>Additionally, it wants the tty to be mode 620, else the connection is
>rejected.
>
>Thus, it's now possible to use sshd with a read-only /dev, but this
>needs a minor setup: we need to chmod 620 /dev/tty* before the media
>goes read-only. It would be nice to have a default setup that makes
>it possible to use sshd with a read-only /dev.
>
>Currently, /dev/tty* are created mode 600 root/wheel. Is there any
>problem creating them mode 620 root/tty? Do we ever chgrp them to
>something else than group tty? And is there any implication of allowing
>group tty to write on a non-allocated tty?

	I don't think this is reasonable.  this shouldn't be done.
	if you want non-default config for /dev, you configure them right by
	yourself.  if we are going to ship /dev read-only by default, i can
	buy the above proposal, but that won't happen.

	note that sshd is not the only application we run which plays with
	ptys.

itojun