[OpenWrt-Devel] [PATCH] base-files: Allow to disable failsafe mode

openwrt at daniel.thecshore.com openwrt at daniel.thecshore.com
Thu Dec 24 07:26:59 EST 2015


From: Daniel Dickinson <openwrt at daniel.thecshore.com>

Failsafe mode, while convenient for development and experimentation,
can reasonably be considered a major security loophole (by giving an
easy way to gain passwordless root access to the device); therefore
we add the ability to build images with failsafe mode disabled, either
through a compile-time option or through an image-generation-time
option (passing NOFAILSAFE=1 on the make command line when generating
the image, either through buildroot or through imagebuilder).

Signed-off-by: Daniel Dickinson <openwrt at daniel.thecshore.com>
---
 include/image.mk                                   |  1 +
 package/base-files/Makefile                        |  1 +
 .../files/lib/preinit/10_indicate_failsafe         |  3 +++
 .../base-files/files/lib/preinit/30_failsafe_wait  | 24 ++++++++++++++--------
 .../files/lib/preinit/40_run_failsafe_hook         |  3 +++
 package/base-files/image-config.in                 | 19 +++++++++++++----
 target/imagebuilder/files/Makefile                 |  3 ++-
 7 files changed, 41 insertions(+), 13 deletions(-)

diff --git a/include/image.mk b/include/image.mk
index 5413481..2528094 100644
--- a/include/image.mk
+++ b/include/image.mk
@@ -278,6 +278,7 @@ define Image/mkfs/prepare/default
 	chmod 1777 $(TARGET_DIR)/tmp
 	mkdir -p $(TARGET_DIR)/lib/preinit
 	$(if $(PASSWORDLESS_CONSOLE),touch $(TARGET_DIR)/lib/preinit/zz_passwordless_console)
+	$(if $(NOFAILSAFE),echo 'pi_preinit_no_failsafe=y' >>$(TARGET_DIR)/lib/preinit/00_preinit.conf)
 endef
 
 define Image/mkfs/prepare
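Review bot: `$(if $(NOFAILSAFE),…)` is true for any non-empty value, so `make image NOFAILSAFE=0` (or `=n`) would also disable failsafe and leave the device without its recovery path; the same value is forwarded unchanged by `NOFAILSAFE="$(NOFAILSAFE)"` in the build_image hunk of target/imagebuilder/files/Makefile. This mirrors the PASSWORDLESS_CONSOLE line above, but for a switch that removes recovery I would match explicit values, e.g. `$(if $(filter 1 y,$(NOFAILSAFE)),echo 'pi_preinit_no_failsafe=y' >>$(TARGET_DIR)/lib/preinit/00_preinit.conf)`. The line also appears to rely on being appended after any `pi_preinit_no_failsafe="…"` written by ImageConfigOptions, so that the last assignment wins; a short comment saying so would help. The define starts outside the hunk.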
diff --git a/package/base-files/Makefile b/package/base-files/Makefile
index bf32f63..0b0d5af 100644
--- a/package/base-files/Makefile
+++ b/package/base-files/Makefile
@@ -80,6 +80,7 @@ define ImageConfigOptions
 	echo 'pi_broadcast=$(if $(CONFIG_TARGET_PREINIT_BROADCAST),$(CONFIG_TARGET_PREINIT_BROADCAST),"192.168.1.255")' >>$(1)/lib/preinit/00_preinit.conf
 	echo 'pi_preinit_net_messages="$(CONFIG_TARGET_PREINIT_SHOW_NETMSG)"' >>$(1)/lib/preinit/00_preinit.conf
 	echo 'pi_preinit_no_failsafe_netmsg="$(CONFIG_TARGET_PREINIT_SUPPRESS_FAILSAFE_NETMSG)"' >>$(1)/lib/preinit/00_preinit.conf
+	echo 'pi_preinit_no_failsafe="$(CONFIG_TARGET_PREINIT_DISABLE_FAILSAFE)"' >>$(1)/lib/preinit/00_preinit.conf
 endef
 endif
 
diff --git a/package/base-files/files/lib/preinit/10_indicate_failsafe b/package/base-files/files/lib/preinit/10_indicate_failsafe
index 6afae41..da8ef18 100644
--- a/package/base-files/files/lib/preinit/10_indicate_failsafe
+++ b/package/base-files/files/lib/preinit/10_indicate_failsafe
@@ -9,6 +9,9 @@ indicate_failsafe_led () {
 }
 
 indicate_failsafe() {
+	if [ "$pi_preinit_no_failsafe" = "y" ]; then
+		return
+	fi
 	echo "- failsafe -"
 	preinit_net_echo "Entering Failsafe!\n"
 	indicate_failsafe_led
diff --git a/package/base-files/files/lib/preinit/30_failsafe_wait b/package/base-files/files/lib/preinit/30_failsafe_wait
index 3d69baf..514bab4 100644
--- a/package/base-files/files/lib/preinit/30_failsafe_wait
+++ b/package/base-files/files/lib/preinit/30_failsafe_wait
@@ -39,7 +39,9 @@ fs_wait_for_key () {
 		rm -f $keypress_wait
 	} &
 
-	echo "Press the [$1] key and hit [enter] $2"
+	if [ "$pi_preinit_no_failsafe" != "y" ]; then
+		echo "Press the [$1] key and hit [enter] $2"
+	fi
 	echo "Press the [1], [2], [3] or [4] key and hit [enter] to select the debug level"
 	# if we're on the console we wait for input
 	{
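Review bot: With failsafe disabled this function is called as `fs_wait_for_key "" "" $fs_failsafe_wait_timeout` (second hunk of this file), so `$1` is empty, but only the prompt is guarded here; the code that compares the input against `$1` lies outside the hunk. If that comparison is an unquoted `case` pattern, an empty line or a read timeout may match it and end the wait early. That would not enable failsafe, because the caller discards the status on that path, but it could cut the debug-level wait short, so it is worth confirming. I would guard the key match the same way as the prompt, and add a comment at the call site such as `# failsafe disabled: wait only for debug-level selection; return status intentionally ignored`.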
@@ -82,14 +84,20 @@ fs_wait_for_key () {
 
 failsafe_wait() {
 	FAILSAFE=
-	grep -q 'failsafe=' /proc/cmdline && FAILSAFE=true && export FAILSAFE
+	if [ "$pi_preinit_no_failsafe" != "y" ]; then
+		grep -q 'failsafe=' /proc/cmdline && FAILSAFE=true && export FAILSAFE
+	fi
 	if [ "$FAILSAFE" != "true" ]; then
-		pi_failsafe_net_message=true
-		preinit_net_echo "Please press button now to enter failsafe"
-		pi_failsafe_net_message=false
-		fs_wait_for_key f 'to enter failsafe mode' $fs_failsafe_wait_timeout && FAILSAFE=true
-		[ -f "/tmp/failsafe_button" ] && FAILSAFE=true && echo "- failsafe button "`cat /tmp/failsafe_button`" was pressed -"
-		[ "$FAILSAFE" = "true" ] && export FAILSAFE && touch /tmp/failsafe
+		if [ "$pi_preinit_no_failsafe" != "y" ]; then
+			pi_failsafe_net_message=true
+			preinit_net_echo "Please press button now to enter failsafe"
+			pi_failsafe_net_message=false
+			fs_wait_for_key f 'to enter failsafe mode' $fs_failsafe_wait_timeout && FAILSAFE=true
+			[ -f "/tmp/failsafe_button" ] && FAILSAFE=true && echo "- failsafe button "`cat /tmp/failsafe_button`" was pressed -"
+			[ "$FAILSAFE" = "true" ] && export FAILSAFE && touch /tmp/failsafe
+		else
+			fs_wait_for_key "" "" $fs_failsafe_wait_timeout
+		fi
 	fi
 }
 
diff --git a/package/base-files/files/lib/preinit/40_run_failsafe_hook b/package/base-files/files/lib/preinit/40_run_failsafe_hook
index cb43ad3..9afa33f 100644
--- a/package/base-files/files/lib/preinit/40_run_failsafe_hook
+++ b/package/base-files/files/lib/preinit/40_run_failsafe_hook
@@ -3,6 +3,9 @@
 # Copyright (C) 2010 Vertical Communications
 
 run_failsafe_hook() {
+    if [ "$pi_preinit_no_failsafe" = "y" ]; then
+	return
+    fi
     if [ "$FAILSAFE" = "true" ]; then
 	boot_run_hook failsafe
 	lock -w /tmp/.failsafe
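Review bot: This early return is the check that actually keeps the failsafe hook from running, yet nothing says so, and `$FAILSAFE` is left untouched on this path. A comment such as `# failsafe disabled at build time: never run the failsafe hook, even if FAILSAFE was set elsewhere` would document the intent. If any later preinit step also tests `$FAILSAFE` or `/tmp/failsafe` (not visible in this patch), consider clearing the variable before returning, e.g. `FAILSAFE=; return`. The function body continues outside the hunk.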
diff --git a/package/base-files/image-config.in b/package/base-files/image-config.in
index 3dfbedc..cec9f52 100644
--- a/package/base-files/image-config.in
+++ b/package/base-files/image-config.in
@@ -24,13 +24,24 @@ config TARGET_PREINIT_SUPPRESS_STDERR
 		the ash shell launched by inittab will display stderr).  That's
 		the same behaviour as seen in previous version of OpenWrt.
 
+config TARGET_PREINIT_DISABLE_FAILSAFE
+	bool
+	prompt "Disable failsafe" if PREINITOPT
+	default n
+	help
+		Disable failsafe mode.  While it is very handy while
+		experimenting or developing it really ought to be
+		disabled in production environments as it is a major
+		security loophole.
+
 config TARGET_PREINIT_TIMEOUT
 	int
-	prompt "Failsafe wait timeout" if PREINITOPT
+	prompt "Failsafe/Debug wait timeout" if PREINITOPT
 	default 2
 	help
-		How long to wait for failsafe mode to be entered before
-		continuing with a regular boot if failsafe not selected.
+		How long to wait for failsafe mode to be entered or for
+		a debug option to be pressed before continuing with a 
+		regular boot.
 
 config TARGET_PREINIT_SHOW_NETMSG
 	bool
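Review bot: The help text for TARGET_PREINIT_DISABLE_FAILSAFE does not say what is actually switched off and what stays. Going by the 30_failsafe_wait change, the `failsafe=` kernel argument, the key press and the failsafe button are ignored, while the boot still waits for the timeout so a debug level can be chosen. Stating that, and that `NOFAILSAFE=1` at image generation has the same effect, would let integrators judge the option. Also, the new timeout help line `a debug option to be pressed before continuing with a ` ends in trailing whitespace, and `default n` is redundant for a bool.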
@@ -45,7 +56,7 @@ config TARGET_PREINIT_SHOW_NETMSG
 
 config TARGET_PREINIT_SUPPRESS_FAILSAFE_NETMSG
 	bool
-	prompt "Suppress network message indicating failsafe" if PREINITOPT
+	prompt "Suppress network message indicating failsafe" if ( PREINITOPT && !TARGET_PREINIT_SHOW_NETMSG && !TARGET_PREINIT_DISABLE_FAILSAFE )
 	default n
 	help
 		If "Show all preinit network messages" above is not set, then
diff --git a/target/imagebuilder/files/Makefile b/target/imagebuilder/files/Makefile
index 64e55e2..f9838cf 100644
--- a/target/imagebuilder/files/Makefile
+++ b/target/imagebuilder/files/Makefile
@@ -44,6 +44,7 @@ Building images:
 	make image FILES="<path>" # include extra files from <path>
 	make image BIN_DIR="<path>" # alternative output directory for the images
 	make image PASSWORDLESS_CONSOLE=1 # Disable requiring login prompt to get console shell
+	make image NOFAILSAFE=1 # Disable failsafe mode
 endef
 $(eval $(call shexport,Helptext))
 
@@ -174,7 +175,7 @@ package_postinst: FORCE
 build_image: FORCE
 	@echo
 	@echo Building images...
-	$(NO_TRACE_MAKE) -C target/linux/$(BOARD)/image install TARGET_BUILD=1 IB=1 PASSWORDLESS_CONSOLE="$(PASSWORDLESS_CONSOLE)" \
+	$(NO_TRACE_MAKE) -C target/linux/$(BOARD)/image install TARGET_BUILD=1 IB=1 PASSWORDLESS_CONSOLE="$(PASSWORDLESS_CONSOLE)" NOFAILSAFE="$(NOFAILSAFE)" \
 		$(if $(USER_PROFILE),PROFILE="$(USER_PROFILE)")
 
 clean:
-- 
2.4.3