openssh unix dev - Mar 2001 - Forcing PTY usage.

I have been studing the OpenSSH code, and am looking to use it in an
envriornment with untrusted local users.  I have some patches to this
effect, which I will post to the list in due course.

In any case, I would like all users who sucessfully authenitcate to
leave their mark in the system logs, in particular utmp and wtmp.  As
these logs mean didily-squat without unique terminal names (and don't
work anyway), I was wondering what would happen if all sesions were
forced to use a pty?  I presume the 'forced' tty would need to be
modified to ignore escape characters, but are there any other fundemenal
problmes with the idea?

Thanks,
Andrew Bartlett
-- 
Andrew Bartlett
abartlet at pcug.org.au

On Fri, 9 Mar 2001, Andrew Bartlett wrote:
> I have been studing the OpenSSH code, and am looking to use it in an
> envriornment with untrusted local users.  I have some patches to this
> effect, which I will post to the list in due course.
>
> In any case, I would like all users who sucessfully authenitcate to
> leave their mark in the system logs, in particular utmp and wtmp.  As
> these logs mean didily-squat without unique terminal names (and don't
> work anyway), I was wondering what would happen if all sesions were
> forced to use a pty?  I presume the 'forced' tty would need to be
> modified to ignore escape characters, but are there any other fundemenal
> problmes with the idea?
ptys are not 8-bit clean.

-d

-- 
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor
man's
| http://www.mindrot.org          /   distributed filesystem'' - Dan
Geer