[OpenWrt-Devel] [PATCH] base-files utils/busybox: Make requiring login in console default for easily accessed devices

Daniel Dickinson openwrt at daniel.thecshore.com
Wed Dec 23 19:14:39 EST 2015 

On 23/12/15 06:49 PM, Felix Fietkau wrote:
> On 2015-12-24 00:38, Imre Kaloz wrote:
>> On Wed, 23 Dec 2015 17:27:37 +0100, Felix Fietkau <nbd at openwrt.org> wrote:
>>
>>> On 2015-12-23 16:27, Bastian Bittorf wrote:
>>>> * Imre Kaloz <kaloz at openwrt.org> [23.12.2015 16:22]:
>>>>>> I'd hate to have some corner case result in bricked routers for
>>>>>> people who have no means of recovering from a bad flash.
>>>>>
>>>>> You can reflash from the bootloader all the time, we are talking
>>>>> about userland here. IMHO this should be just a normal change, like
>>>>> dropping telnet. Enforcing login should be on by default, specially
>>>>> since if one forgets the password they can just reset everything to
>>>>> defaults keeping the reset button pressed.
>>>>
>>>> I am against asking for a password in failsafe mode:
>>>> failsafe is failsafe is failsafe.
>>>>
>>>> You have to run mount_root which does _things_ and can break.
>>> I completely agree with this. Failsafe needs to be robust.
>>
>> Failsafe can be triggered both locally and through the network and gives
>> straight root access. This doesn't make it robust, it makes it insecure.
> How can it be triggered through the network?

I'm thinking that's a case if mis-speaking (although Imre may correct 
me).  Based on what I remember doing for failsafe, and what looks like 
to still be the case in /lib/preinit, failsafe is *triggered* by

a) reset button
b) OR serial console

at which point is may be accessed (previously without password) via:

a) serial console
b) previously telnet, recently dropbear (i.e. network).  The telnet 
version was passwordless, which is what I think Imre is referring too.

I think the dropbear version is only passwordless if the router has been 
factory reset because based on my testing of the adding the login 
wrapper to failsafe instead of dropping straight to passwordless root 
shell, if a password has been configured on the router, it gets used, 
and I didn't do anything to make that happen, so either the procd work, 
or the dropear work added mount_root to failsafe sometime ago.

Regards,

Daniel
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

More information about the openwrt-devel mailing list