skip pty chown if it is group owned by nogroup

Open rd235 opened this issue 1 year ago • 1 comments

My goal is to use dropbear to log-in into unprivileged network namespaces (like those created by vdens: https://github.com/rd235/vdens )

Dropbear's pty supports fails as in unprivileged namespaces the group ownership of /dev/pty/* is remapped to "nogroup" (instead of "tty").

This patch avoids changing pty's group ownership if it is group owned by "nogroup" (as if it were owned by "tty").

Jan 22 '24 16:01 rd235

I don't think this is correct. It will allow using a pty that is owned by any arbitrary user (in the parent namespace), but then that user in the parent namespace will be able to intercept the tty. At least that's my understanding of it - I'm a bit unclear exactly what the mapping is between namespaces.

Apr 02 '24 09:04 mkj