Bug#771625: openssh-server: Please add ProtectSystem=yes to service file

To: Micah Anderson <micah@debian.org>
Cc: 771625@bugs.debian.org
Subject: Bug#771625: openssh-server: Please add ProtectSystem=yes to service file
From: Russ Allbery <rra@debian.org>
Date: Sun, 30 Nov 2014 20:08:54 -0800
Message-id: <[🔎] 87tx1groyx.fsf@hope.eyrie.org>
Reply-to: Russ Allbery <rra@debian.org>, 771625@bugs.debian.org
In-reply-to: <[🔎] 20141201034430.21407.89800.reportbug@muck.riseup.net> (Micah Anderson's message of "Sun, 30 Nov 2014 22:44:30 -0500")
References: <[🔎] 20141201034430.21407.89800.reportbug@muck.riseup.net>

Micah Anderson <micah@debian.org> writes:

> If you add the option ProtectSystem=yes to the service file, then the
> daemon will not have the ability to write to /usr.

How does this interact with the OpenSSH daemon, which spawns user shells?
I was (blindly) assuming that these security settings would be inherited
by all child processes of the spawned process, so you'd end up with shells
that also had read-only /usr, possibly interfering with later sudo, su, or
other similar operations.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to:

Follow-Ups:
- Bug#771625: openssh-server: Please add ProtectSystem=yes to service file
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Bug#771625: openssh-server: Please add ProtectSystem=yes to service file
  - From: micah <micah@debian.org>

References:
- Bug#771625: openssh-server: Please add ProtectSystem=yes to service file
  - From: Micah Anderson <micah@debian.org>

Prev by Date: Bug#771625: openssh-server: Please add ProtectSystem=yes to service file
Next by Date: Bug#771625: openssh-server: Please add ProtectSystem=yes to service file
Previous by thread: Bug#771625: openssh-server: Please add ProtectSystem=yes to service file
Next by thread: Bug#771625: openssh-server: Please add ProtectSystem=yes to service file
Index(es):
- Date
- Thread