[OpenWrt-Devel] [PATCH] base-files utils/busybox: Make requiring login in console default for easily accessed devices

Heinrich Schuchardt xypron.glpk at gmx.de
Wed Dec 23 06:42:25 EST 2015


On 12/23/2015 08:54 AM, Daniel Dickinson wrote:
> On 23/12/15 02:44 AM, Heinrich Schuchardt wrote:
>> Hello Daniel,
>>
>> my TP-LINK MR3020 (AR71XX, OpenWrt 15.05) uses /dev/ttyATH0 as serial
>> console.
>>
>> I could not find this device in the getty commands of the inittab that
>> you create in the patch below.
> 
> For that patch for ar71xx it is somewhat tricky because different boards
> have different serial devices so it is necessary to use an uci-default
> scriptlet that modifies inittab based on the actual console device
> (which on ar71xx is on kernel commandline).
> 
> However, I don't particularly like that solution and am investigating
> alternative measures that allow to embed a working inittab in the
> squashfs (basically I'm hoping I'm reading agetty docs right and I can
> 'cheat' and sidestep the question of the name of the console device; but
> will test; fortunately I have ar71xx since that's the hardest one,
> although ramips I couldn't find what the serial console was either, so
> it may actually need this even more).
> 
>>
>> I would feel more comfortable having a password verification on my
>> router. Shouldn't this be default on all targets?
> 
> Not my call.  If the core devs want to do that once I get this resolved
> that is up to them.

Dear core devs,

A case that has to be opened does not provide any real security at all.
A password for console access is a necessity.
Every non-free router has a console password, why not OpenWrt?

> 
> Besides having passwordless serial console on a typical router is not a
> significant issue because you have to hack the hardware to get a serial
> attached (at least opening the case being required is the norm).  The
> reason I created this patch was more for situations like running OpenWrt
> on generic PCs or Raspberry Pi/Pi2 where it's trivial to get hardware
> console access (even for someone with basically no skills or specialized
> equipment).

A Raspberry typically is also in a case which has to be opened to get
access to the serial port:
https://www.raspberrypi.org/blog/raspberry-pi-official-case/

Regards

Heinrich Schuchardt
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
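
As an added example (not part of the patch or of anyone's message in this thread): a shell version of the uci-defaults approach described above, reading the console device from the kernel command line and writing a matching getty entry into inittab. The function names, the /sbin/getty path, the vt100 terminal type and the 115200 default baud are assumptions, and the sample command line is constructed.

```shell
#!/bin/sh
# Added example: derive a serial getty entry for BusyBox init from console=.
# Assumptions: getty lives at /sbin/getty; 115200 baud when none is given.

# Print "<tty> <baud>" for the last console= argument, which is the one the
# kernel binds to /dev/console. Returns 1 if the command line names none.
console_from_cmdline() {
    tty="" baud=""
    set -f                          # no globbing while word-splitting $1
    for arg in $1; do
        case "$arg" in
            console=*)
                val=${arg#console=}
                tty=${val%%,*}      # device name before the first comma
                baud=""
                case "$val" in
                    *,*) opts=${val#*,}; baud=${opts%%[!0-9]*} ;;  # 115200n8 -> 115200
                esac ;;
        esac
    done
    set +f
    [ -n "$tty" ] || return 1
    echo "$tty ${baud:-115200}"
}

# Print the inittab line that respawns getty (which runs login) on that tty.
getty_inittab_line() {
    dev=$(console_from_cmdline "$1") || return 1
    echo "${dev% *}::respawn:/sbin/getty -L ${dev#* } ${dev% *} vt100"
}

# Rewrite inittab file $1 so the console tty has exactly one entry: the getty
# line. An existing entry for that tty (e.g. a bare shell) is replaced.
ensure_console_login() {
    line=$(getty_inittab_line "$2") || return 1
    { grep -v "^${line%%:*}:" "$1" 2>/dev/null; echo "$line"; } > "$1.new" &&
        mv "$1.new" "$1"
}

# Constructed sample command line (not captured from a real device).
SAMPLE_CMDLINE="board=TL-MR3020 console=ttyATH0,115200 rootfstype=squashfs,jffs2 noinitrd"
getty_inittab_line "$SAMPLE_CMDLINE"
```

Entries with an empty id field, which BusyBox init runs on the console itself, are not touched by `ensure_console_login` and need to be reviewed separately.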


