[OpenWrt-Devel] [PATCH] base-files utils/busybox: Make requiring login in console default for easily accessed devices

Heinrich Schuchardt xypron.glpk at gmx.de
Wed Dec 23 06:42:25 EST 2015

On 12/23/2015 08:54 AM, Daniel Dickinson wrote:
> On 23/12/15 02:44 AM, Heinrich Schuchardt wrote:
>> Hello Daniel,
>> my TP-LINK MR3020 (AR71XX, OpenWrt 15.05) uses /dev/ttyATH0 as serial
>> console .
>> I could not find this device in the getty commands of the inittab that
>> you create in the patch below.
> For that patch for ar71xx it is somewhat tricky because different boards
> have different serial devices so it is necessary to use an uci-default
> scriptlet that modifies inittab based on the actual console device
> (which on ar71xx is on kernel commandline).
> However, I don't particularly like that solution and am investigating
> alternative measures that allow to embed a working inittab in the
> squashfs (basically I'm hoping I'm reading agetty docs right and I can
> 'cheat' and sidestep the question of the name of the console device; but
> will test; fortunately I have ar71xx since that's the hardest one,
> although ramips I couldn't find what the serial console was either, so
> it may actually need this even more).
>> I would feel more comfortable having a password verification on my
>> router. Shouldn't this be default on all targets?
> Not my call.  If the core devs want to do that once I get this resolved
> that is up to them.

Dear core devs,

A case that has to be opened does not provide any real security at all.
A password for console access is a necessity.
Every non-free router has a console password, why not OpenWrt?

> Besides having passwordless serial console on a typical router is not a
> significant issue because you have to hack the hardware to get a serial
> attached (at least opening the case being required is the norm).  The
> reason I create this patch was more for situations like running OpenWrt
> on generic PC's or Raspberry Pi/Pi2 where it's trivial to get hardware
> console access (even for someone with basically no skills or specialized
> equipment).

A Raspberry typically is also in a case which has to be opened to get
access to the serial port:


Heinrich Schuchardt
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org

More information about the openwrt-devel mailing list