Re: Read-only on /dev/tty causes ssh-add to show passwords when typed and ssh'ing to new hosts to fail

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Sun, 20 Jul 2014, Gert Doering wrote:

> Hi,
> 
> On Sun, Jul 20, 2014 at 08:01:42PM +1000, Damien Miller wrote:
> > There isn't much ssh can do with bad permissions on /dev/tty.
> 
> Well - you could issue an error message and die.
> 
> Termios operation on stdin(-connected-to-a-tty) do not need /dev/tty, so

we can't depend on stdin as tty. Otherwise "ssh foo < /somefile" wouldn't
work.

> there must be some explicit open() somewhere - and if that fails, do not
> go on.  Without having checked the code, it might be some sort of corner
> case ("if this fails we do not have a controlling tty, so use stdin instead
> and do not try to turn off echo instead!" - not differenciating between
> the error for "no controlling tty" and "broken permissions").

that sounds like a whole lot of special cases to deal with someone who
has broken their /dev
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux