From root@ACT-Europe.FR  Mon Dec 30 08:27:49 2002
Return-Path: <root@ACT-Europe.FR>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E042B37B401
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 30 Dec 2002 08:27:49 -0800 (PST)
Received: from dublin.ACT-Europe.FR (dublin.act-europe.fr [212.157.227.154])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E90A643ED4
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 30 Dec 2002 08:27:48 -0800 (PST)
	(envelope-from root@ACT-Europe.FR)
Received: from zuydcoote.int.act-europe.fr (zuydcoote.int.act-europe.fr [10.10.0.161])
	by dublin.ACT-Europe.FR (Postfix) with ESMTP id B9730229E2F
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 30 Dec 2002 17:27:47 +0100 (MET)
Received: by zuydcoote.int.act-europe.fr (Postfix, from userid 0)
	id 3A851121; Mon, 30 Dec 2002 17:27:47 +0100 (CET)
Message-Id: <20021230162747.3A851121@zuydcoote.int.act-europe.fr>
Date: Mon, 30 Dec 2002 17:27:47 +0100 (CET)
From: Thomas Quinot <thomas@freebsd.org>
Sender: root@ACT-Europe.FR
Reply-To: Thomas Quinot <thomas@freebsd.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: Can't ssh after su (/dev/tty permission denied)
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         46635
>Category:       bin
>Synopsis:       Can't ssh after su (/dev/tty permission denied)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Dec 30 08:30:02 PST 2002
>Closed-Date:    Mon Jan 13 14:21:30 PST 2003
>Last-Modified:  Mon Jan 13 14:21:30 PST 2003
>Originator:     Thomas Quinot <thomas@freebsd.org>
>Release:        FreeBSD 5.0-DP2 i386
>Organization:
>Environment:
System: FreeBSD zuydcoote.int 5.0-DP2 FreeBSD 5.0-DP2 #0: Fri Dec 27 14:24:57 CET 2002 quinot@zuydcoote.int:/usr/src/sys/i386/compile/ZUYDCOOTE i386


	
>Description:
	If I su from one user to another, I am unable to make an
	outgoing ssh connection from the su'd shell using password
	authentication, because ssh tries (and fails) to open /dev/tty
	(which still belongs to the original user).

	This used to work on -STABLE because /dev/tty was not the same
	device as the actual tty device, and could therefore have 666
	permissions (which make sense -- allowing each process to open
	its own controlling tty).

>How-To-Repeat:

zuydcoote# ls -l /dev/tty
crw--w----  1 root  tty    5,   0 Dec 30 17:22 /dev/tty
zuydcoote# su - quinot
(quinot@zuydcoote) ~ $ ssh remote.host
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password,hostbased).
(quinot@zuydcoote) ~ $ ls -l /dev/tty
crw--w----  1 root  tty    5,   0 30 dec 17:22 /dev/tty

>Fix:
	None known so far (apart from working around the problem
	by setting /dev/tty* to 0666...).
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: phk 
State-Changed-When: Mon Jan 13 14:20:59 PST 2003 
State-Changed-Why:  
This should be fixed with rev 1.58 of devfs_vnops.c. 

Thanks for a good analysis. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=46635 
>Unformatted:
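
The failure described in this report can be checked with a small diagnostic. This is an added example, not part of the original PR or of FreeBSD's code. `may_open_rw` and `probe` are hypothetical helper names, and the permission check is the simplified classic owner/group/other model with no ACLs or MAC policies.

```c
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Classic UNIX DAC check for opening a node read/write: exactly one of the
 * owner, group or other permission triplets applies; uid 0 bypasses it. */
int may_open_rw(mode_t mode, uid_t f_uid, gid_t f_gid,
                uid_t uid, const gid_t *gids, int ngids)
{
    if (uid == 0)
        return 1;
    if (uid == f_uid)
        return (mode & (S_IRUSR | S_IWUSR)) == (S_IRUSR | S_IWUSR);
    for (int i = 0; i < ngids; i++)
        if (gids[i] == f_gid)
            return (mode & (S_IRGRP | S_IWGRP)) == (S_IRGRP | S_IWGRP);
    return (mode & (S_IROTH | S_IWOTH)) == (S_IROTH | S_IWOTH);
}

/* Report who owns a tty node and whether this process can open it. */
static void probe(const char *path)
{
    struct stat st;
    if (stat(path, &st) == -1) {
        printf("%s: stat: %s\n", path, strerror(errno));
        return;
    }
    int fd = open(path, O_RDWR | O_NOCTTY);
    printf("%s: mode %04o uid %ld gid %ld, open O_RDWR: %s\n", path,
           (unsigned)(st.st_mode & 07777), (long)st.st_uid, (long)st.st_gid,
           fd == -1 ? strerror(errno) : "ok");
    if (fd != -1)
        close(fd);
}

int main(void)
{
    const char *real = ttyname(STDIN_FILENO); /* NULL if stdin is not a tty */
    printf("euid %ld\n", (long)geteuid());
    probe("/dev/tty");
    if (real != NULL)
        probe(real);
    return 0;
}
```

Run from the su'd shell, it shows whether `/dev/tty` carries the ownership and mode of the original login's terminal. With the `crw--w----  root tty` node from the transcript, `may_open_rw` returns 0 for any non-root uid and 1 once the mode is 0666.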
