https://bugzilla.mindrot.org/show_bug.cgi?id=2813
--- Comment #6 from Darren Tucker <[email protected]> ---
(In reply to Oliver Freyermuth from comment #5)
> This does indeed sound like a valid dirty hack that could be used
> for all self-made containers! I'll give it a spin in the next days.
>
> It does not scale, though: This would mean all containers out there
> (for example the hundreds of thousands on DockerHub) would need that
> hack to the group-file.

If your system is violating POSIX by making chown() do strange things or stat() lie then any workarounds that are required are on you. OpenSSH is deployed on a lot of systems on many platforms and configurations. Unix pty handling is already weird enough without adding hacks for such cases.

> This fallback, in my opinion, makes things even more strange: Why
> only fallback when tty is not in the groups file, and not fallback
> always? Is there any reason to care if the pty belongs to a group
> named "tty" explicitly (and only if that exists) instead of just
> caring for the actual permissions?

Yes, eg on some systems tools such as write(1) rely on being able to open the tty device by virtue of being setgid tty:

$ uname -sr; ls -l `which write`
Linux 4.18.10-200.fc28.x86_64
-rwxr-sr-x 1 root tty 20328 Jul 16 21:56 /usr/bin/write

_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
