[OpenWrt-Devel] [PATCH] base-files utils/busybox: Make requiring login in console default for easily accessed devices

Daniel Dickinson openwrt at daniel.thecshore.com
Wed Dec 23 07:43:14 EST 2015


Oh, and I think that initially this should be default off configuration 
option that people who are able to flash firmware via bootloader in case 
of getting locked out encourage to test before pushing this as default.

I'd hate to have some corner case result in bricked routers for people 
who have no means of recovering from a bad flash.

Regards,

Daniel

On 23/12/15 07:35 AM, John Crispin wrote:
>
>
> On 23/12/2015 13:32, Daniel Dickinson wrote:
>> I'm inclined to make the opt-out an image generation time decision
>> rather than configurable on the overlayfs for what I think are obvious
>> reasons.
>
> yep, that would be the best choice.
>
>
>>
>> Regards,
>>
>> Daniel
>>
>> On 23/12/15 07:24 AM, John Crispin wrote:
>>>
>>>
>>> On 23/12/2015 13:05, Imre Kaloz wrote:
>>>> Hi Daniel,
>>>>
>>>> On Wed, 23 Dec 2015 07:58:59 +0100, Daniel Dickinson
>>>> <openwrt at daniel.thecshore.com> wrote:
>>>>
>>>>> I am reworking this (requiring console login) as couple of packages
>>>>> for the packages feed, although it may require an image.mk or packages
>>>>> Makefile hook in order to embed an appropriate inittab into the image
>>>>> (since the inittab will need to be modified and we need to guarantee
>>>>> the correct order of actions; and inittab comes from base-files which
>>>>> is last thing done in the packages Makefile).
>>>>
>>>> I hope the other devs will chime in, but FWIW I would make this enabled
>>>> unconditionally across all targets. As we already have a way to do a
>>>> "factory reset" using the reset button, IMHO failsafe should also
>>>> enforce login passwords everywhere, including the serial console.
>>>>
>>>
>>> default on, once root passwd is set sounds good. an optional opt-out
>>> feature would be nice to avoid people having to add dirty hacks to get
>>> rid of the login prompt on tty shells. this could be hidden inside a
>>> wrapper script called by inittab.
>>> _______________________________________________
>>> openwrt-devel mailing list
>>> openwrt-devel at lists.openwrt.org
>>> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
>>>
>> _______________________________________________
>> openwrt-devel mailing list
>> openwrt-devel at lists.openwrt.org
>> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
>
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel



More information about the openwrt-devel mailing list