sshd as non-root
mouring at etoh.eviladmin.org
Mon Sep 29 03:59:51 EST 2003
On Sun, 28 Sep 2003, Carson Gaspar wrote:
> --On Sunday, September 28, 2003 4:39 PM +1000 Damien Miller
> <djm at mindrot.org> wrote:
> > I think that all platforms supported by portable OpenSSH require root
> > for TTY assignment. I believe that some platforms can get away with
> > non-root, but with a sgid helper but we haven't followed that up.
> If the platform supports grantpt() (part of SUSv2), why is root needed?
I don't see how grantpt() solves anything unless you're implying that by
default every tty is 777 so anything can grab and modify the permissions.
Which is still insecure because someone could open the TTY for read/write
before grantpt() does.
I suspect on most systems you'd get:

    The corresponding slave pseudo-terminal device could not be accessed.

if you tried it as a user.
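
To see what grantpt() does for an unprivileged caller on a given platform, the check below (an added example, not part of the original message) allocates a pty master, calls grantpt() and unlockpt(), and reports the slave's owner and mode. The result-code names and check_pty_slave() are this example's own.

```c
#define _XOPEN_SOURCE 600          /* must precede every #include */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Repeated so the file also builds where the macro above comes too late. */
int posix_openpt(int); int grantpt(int); int unlockpt(int); char *ptsname(int);

/* Result codes (names are this example's own, not from any library). */
enum { PTY_UNAVAILABLE = -1, PTY_GRANT_FAILED = 0, PTY_PRIVATE = 1, PTY_EXPOSED = 2 };

/* Allocate a pty master as the calling user, run grantpt()/unlockpt(), then
 * stat the slave: it should be owned by the caller and closed to "other". */
int check_pty_slave(struct stat *out, int *saved_errno)
{
    int rc = PTY_UNAVAILABLE;
    int master = posix_openpt(O_RDWR | O_NOCTTY);
    if (master < 0) { *saved_errno = errno; return rc; }

    if (grantpt(master) != 0 || unlockpt(master) != 0) {
        *saved_errno = errno;      /* EACCES: slave could not be accessed */
        rc = PTY_GRANT_FAILED;
    } else {
        const char *slave = ptsname(master);
        if (slave != NULL && stat(slave, out) == 0) {
            int exposed = out->st_uid != getuid()
                       || (out->st_mode & (S_IROTH | S_IWOTH)) != 0;
            rc = exposed ? PTY_EXPOSED : PTY_PRIVATE;
        } else {
            *saved_errno = errno;
        }
    }
    close(master);
    return rc;
}

int main(void)
{
    struct stat st;
    int err = 0, rc = check_pty_slave(&st, &err);
    if (rc == PTY_PRIVATE || rc == PTY_EXPOSED)
        printf("uid=%ld owner=%ld mode=%04o -> %s\n", (long)getuid(), (long)st.st_uid,
               (unsigned)(st.st_mode & 07777), rc == PTY_PRIVATE ? "private" : "exposed");
    else
        printf("pty check not completed: %s\n", strerror(err));
    return 0;
}
```

Run it as an ordinary user on the platform in question; the outcome depends on how that system implements pty allocation.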