[OpenWrt-Devel] [PATCH] base-files image: Require login even on console (including failsafe)
openwrt at daniel.thecshore.com
openwrt at daniel.thecshore.com
Thu Dec 24 01:31:27 EST 2015
From: Daniel Dickinson <openwrt at daniel.thecshore.com>
Passwordless root login is undesirable by default
on any platform, so make requiring a login to
gain root (or any other user), even on the hardware
console, the default. This is an opt-out option that can be
disabled at image generation time by passing the
variable PASSWORDLESS_CONSOLE=1 on the make command
line, or by otherwise making sure the file
/lib/preinit/zz_passwordless_console exists.
Signed-off-by: Daniel Dickinson <openwrt at daniel.thecshore.com>
---
include/image.mk | 2 ++
package/base-files/files/etc/inittab | 2 +-
package/base-files/files/lib/preinit/99_10_failsafe_login | 3 +--
package/base-files/files/sbin/login_wrapper | 8 ++++++++
package/utils/busybox/Config-defaults.in | 4 ++--
target/imagebuilder/files/Makefile | 4 ++--
target/linux/adm5120/base-files/etc/inittab | 6 +++---
target/linux/ar71xx/base-files/etc/inittab | 2 +-
target/linux/arm64/base-files/etc/inittab | 6 +++---
target/linux/brcm2708/base-files/etc/inittab | 4 ++--
target/linux/ipq806x/base-files/etc/inittab | 2 +-
target/linux/malta/base-files/etc/inittab | 10 +++++-----
target/linux/mediatek/base-files/etc/inittab | 2 +-
target/linux/mxs/base-files/etc/inittab | 2 +-
target/linux/omap/base-files/etc/inittab | 6 +++---
target/linux/omap24xx/base-files/etc/inittab | 6 +++---
target/linux/ppc44x/base-files/etc/inittab | 4 ++--
target/linux/ramips/base-files/etc/inittab | 2 +-
target/linux/realview/base-files/etc/inittab | 6 +++---
target/linux/sunxi/base-files/etc/inittab | 6 +++---
target/linux/x86/base-files/etc/inittab | 4 ++--
target/linux/x86/xen_domu/base-files/etc/inittab | 6 +++---
22 files changed, 53 insertions(+), 44 deletions(-)
create mode 100755 package/base-files/files/sbin/login_wrapper
diff --git a/include/image.mk b/include/image.mk
index 1522dd7..5413481 100644
--- a/include/image.mk
+++ b/include/image.mk
@@ -276,6 +276,8 @@ define Image/mkfs/prepare/default
- $(FIND) $(TARGET_DIR) -type d -print0 | $(XARGS) -0 chmod u+rwx,g+rx,o+rx
$(INSTALL_DIR) $(TARGET_DIR)/tmp $(TARGET_DIR)/overlay
chmod 1777 $(TARGET_DIR)/tmp
+ mkdir -p $(TARGET_DIR)/lib/preinit
+ $(if $(PASSWORDLESS_CONSOLE),touch $(TARGET_DIR)/lib/preinit/zz_passwordless_console)
endef
define Image/mkfs/prepare
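Review bot: The `$(if $(PASSWORDLESS_CONSOLE),…)` test on the added line is true for any non-empty value, so `PASSWORDLESS_CONSOLE=0` or `=n` would also create the marker and switch console authentication off. The documented opt-out value is `1`, so the test should match it explicitly: `$(if $(filter 1,$(PASSWORDLESS_CONSOLE)),touch $(TARGET_DIR)/lib/preinit/zz_passwordless_console)`. The build_image hunk in target/imagebuilder/files/Makefile forwards the value verbatim, so the same truthiness applies to image builder runs. The body of Image/mkfs/prepare/default starts outside this hunk.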
diff --git a/package/base-files/files/etc/inittab b/package/base-files/files/etc/inittab
index 7817185..46372f6 100644
--- a/package/base-files/files/etc/inittab
+++ b/package/base-files/files/etc/inittab
@@ -1,3 +1,3 @@
::sysinit:/etc/init.d/rcS S boot
::shutdown:/etc/init.d/rcS K shutdown
-::askconsole:/bin/ash --login
+::askconsole:/sbin/login_wrapper
diff --git a/package/base-files/files/lib/preinit/99_10_failsafe_login b/package/base-files/files/lib/preinit/99_10_failsafe_login
index b12e317..4319668 100644
--- a/package/base-files/files/lib/preinit/99_10_failsafe_login
+++ b/package/base-files/files/lib/preinit/99_10_failsafe_login
@@ -8,8 +8,7 @@ failsafe_netlogin () {
}
failsafe_shell() {
- lock /tmp/.failsafe
- ash --login
+ /sbin/login_wrapper
echo "Please reboot system when done with failsafe network logins"
}
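Review bot: The removal of `lock /tmp/.failsafe` from failsafe_shell is not mentioned in the commit description, and nothing visible here shows whether another failsafe path still waits on that lock (failsafe_netlogin's body lies outside the hunk). Either keep the lock or say in the description why it is no longer needed. It would also help to add a comment above the new call stating which account database applies in failsafe, e.g. `# failsafe: /bin/login checks the image's own passwd/shadow, not a password set later`; this presumes the writable overlay is not mounted at that point, which should be confirmed.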
diff --git a/package/base-files/files/sbin/login_wrapper b/package/base-files/files/sbin/login_wrapper
new file mode 100755
index 0000000..874d378
--- /dev/null
+++ b/package/base-files/files/sbin/login_wrapper
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+if [ -r /lib/preinit/zz_passwordless_console ]; then
+ exec /bin/ash --login
+fi
+
+exec /bin/login
+
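Review bot: The new wrapper has no comment explaining that the presence of `/lib/preinit/zz_passwordless_console` is what disables console authentication, so a header such as `# Marker created at image build time (PASSWORDLESS_CONSOLE=1); if absent, require /bin/login` would help. When `/bin/login` is missing, for example with a busybox config that overrides the new default, `exec /bin/login` fails and the console has no shell and no diagnostic. Failing closed is the right choice, but it should be made visible by adding `[ -x /bin/login ] || echo "login_wrapper: /bin/login missing, console login unavailable" >&2` before the final exec. `-r` could be `-e`, since only existence matters. The trailing blank line at the end of the file can go.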
diff --git a/package/utils/busybox/Config-defaults.in b/package/utils/busybox/Config-defaults.in
index 75c5976..3ae08b1 100644
--- a/package/utils/busybox/Config-defaults.in
+++ b/package/utils/busybox/Config-defaults.in
@@ -1212,10 +1212,10 @@ config BUSYBOX_DEFAULT_GETTY
default n
config BUSYBOX_DEFAULT_LOGIN
bool
- default n
+ default y
config BUSYBOX_DEFAULT_LOGIN_SESSION_AS_CHILD
bool
- default n
+ default y
config BUSYBOX_DEFAULT_LOGIN_SCRIPTS
bool
default n
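Review bot: The switch of BUSYBOX_DEFAULT_LOGIN_SESSION_AS_CHILD to `y` has no stated reason in the commit description; only BUSYBOX_DEFAULT_LOGIN is evidently needed for `/sbin/login_wrapper` to exec `/bin/login`. As far as I know, this option keeps login running as the parent of the session so it can clean up afterwards, which mainly matters with PAM and costs one extra root process per console session. Either leave it at `n` or add a sentence to the description explaining why it is required.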
diff --git a/target/imagebuilder/files/Makefile b/target/imagebuilder/files/Makefile
index f612ea9..64e55e2 100644
--- a/target/imagebuilder/files/Makefile
+++ b/target/imagebuilder/files/Makefile
@@ -43,7 +43,7 @@ Building images:
make image PACKAGES="<pkg1> [<pkg2> [<pkg3> ...]]" # include extra packages
make image FILES="<path>" # include extra files from <path>
make image BIN_DIR="<path>" # alternative output directory for the images
-
+ make image PASSWORDLESS_CONSOLE=1 # Disable requiring login prompt to get console shell
endef
$(eval $(call shexport,Helptext))
@@ -174,7 +174,7 @@ package_postinst: FORCE
build_image: FORCE
@echo
@echo Building images...
- $(NO_TRACE_MAKE) -C target/linux/$(BOARD)/image install TARGET_BUILD=1 IB=1 \
+ $(NO_TRACE_MAKE) -C target/linux/$(BOARD)/image install TARGET_BUILD=1 IB=1 PASSWORDLESS_CONSOLE="$(PASSWORDLESS_CONSOLE)" \
$(if $(USER_PROFILE),PROFILE="$(USER_PROFILE)")
clean:
diff --git a/target/linux/adm5120/base-files/etc/inittab b/target/linux/adm5120/base-files/etc/inittab
index 9f7c0ae..760bca0 100644
--- a/target/linux/adm5120/base-files/etc/inittab
+++ b/target/linux/adm5120/base-files/etc/inittab
@@ -1,5 +1,5 @@
::sysinit:/etc/init.d/rcS S boot
::shutdown:/etc/init.d/rcS K shutdown
-tts/0::askfirst:/bin/ash --login
-ttyAM0::askfirst:/bin/ash --login
-tty1::askfirst:/bin/ash --login
+tts/0::askfirst:/sbin/login_wrapper
+ttyAM0::askfirst:/sbin/login_wrapper
+tty1::askfirst:/sbin/login_wrapper
diff --git a/target/linux/ar71xx/base-files/etc/inittab b/target/linux/ar71xx/base-files/etc/inittab
index 7817185..46372f6 100644
--- a/target/linux/ar71xx/base-files/etc/inittab
+++ b/target/linux/ar71xx/base-files/etc/inittab
@@ -1,3 +1,3 @@
::sysinit:/etc/init.d/rcS S boot
::shutdown:/etc/init.d/rcS K shutdown
-::askconsole:/bin/ash --login
+::askconsole:/sbin/login_wrapper
diff --git a/target/linux/arm64/base-files/etc/inittab b/target/linux/arm64/base-files/etc/inittab
index d9d571e..d3c1fbb 100644
--- a/target/linux/arm64/base-files/etc/inittab
+++ b/target/linux/arm64/base-files/etc/inittab
@@ -1,5 +1,5 @@
::sysinit:/etc/init.d/rcS S boot
::shutdown:/etc/init.d/rcS K shutdown
-tts/0::askfirst:/bin/ash --login
-ttyAMA0::askfirst:/bin/ash --login
-tty1::askfirst:/bin/ash --login
+tts/0::askfirst:/sbin/login_wrapper
+ttyAMA0::askfirst:/sbin/login_wrapper
+tty1::askfirst:/sbin/login_wrapper
diff --git a/target/linux/brcm2708/base-files/etc/inittab b/target/linux/brcm2708/base-files/etc/inittab
index c05c555..0272ce5 100644
--- a/target/linux/brcm2708/base-files/etc/inittab
+++ b/target/linux/brcm2708/base-files/etc/inittab
@@ -1,4 +1,4 @@
::sysinit:/etc/init.d/rcS S boot
::shutdown:/etc/init.d/rcS K shutdown
-ttyAMA0::askfirst:/bin/ash --login
-tty1::askfirst:/bin/ash --login
+ttyAMA0::askfirst:/sbin/login_wrapper
+tty1::askfirst:/sbin/login_wrapper
diff --git a/target/linux/ipq806x/base-files/etc/inittab b/target/linux/ipq806x/base-files/etc/inittab
index 19a6e11..3431870 100644
--- a/target/linux/ipq806x/base-files/etc/inittab
+++ b/target/linux/ipq806x/base-files/etc/inittab
@@ -1,4 +1,4 @@
# Copyright (c) 2013 The Linux Foundation. All rights reserved.
::sysinit:/etc/init.d/rcS S boot
::shutdown:/etc/init.d/rcS K shutdown
-ttyMSM0::askfirst:/bin/ash --login
+ttyMSM0::askfirst:/sbin/login_wrapper
diff --git a/target/linux/malta/base-files/etc/inittab b/target/linux/malta/base-files/etc/inittab
index 88567b2..1668e47 100644
--- a/target/linux/malta/base-files/etc/inittab
+++ b/target/linux/malta/base-files/etc/inittab
@@ -1,7 +1,7 @@
::sysinit:/etc/init.d/rcS S boot
::shutdown:/etc/init.d/rcS K shutdown
-tts/0::askfirst:/bin/ash --login
-ttyS0::askfirst:/bin/ash --login
-ttyS1::askfirst:/bin/ash --login
-ttyS2::askfirst:/bin/ash --login
-tty1::askfirst:/bin/ash --login
+tts/0::askfirst:/sbin/login_wrapper
+ttyS0::askfirst:/sbin/login_wrapper
+ttyS1::askfirst:/sbin/login_wrapper
+ttyS2::askfirst:/sbin/login_wrapper
+tty1::askfirst:/sbin/login_wrapper
diff --git a/target/linux/mediatek/base-files/etc/inittab b/target/linux/mediatek/base-files/etc/inittab
index 870b3cc..49a2195 100644
--- a/target/linux/mediatek/base-files/etc/inittab
+++ b/target/linux/mediatek/base-files/etc/inittab
@@ -1,3 +1,3 @@
::sysinit:/etc/init.d/rcS S boot
::shutdown:/etc/init.d/rcS K shutdown
-ttyS0::askfirst:/bin/ash --login
+ttyS0::askfirst:/sbin/login_wrapper
diff --git a/target/linux/mxs/base-files/etc/inittab b/target/linux/mxs/base-files/etc/inittab
index 09359b7..860a81d 100644
--- a/target/linux/mxs/base-files/etc/inittab
+++ b/target/linux/mxs/base-files/etc/inittab
@@ -1,3 +1,3 @@
::sysinit:/etc/init.d/rcS S boot
::shutdown:/etc/init.d/rcS K shutdown
-ttyAMA0::askfirst:/bin/ash --login
+ttyAMA0::askfirst:/sbin/login_wrapper
diff --git a/target/linux/omap/base-files/etc/inittab b/target/linux/omap/base-files/etc/inittab
index 502c6f8..4df11df 100644
--- a/target/linux/omap/base-files/etc/inittab
+++ b/target/linux/omap/base-files/etc/inittab
@@ -1,5 +1,5 @@
::sysinit:/etc/init.d/rcS S boot
::shutdown:/etc/init.d/rcS K shutdown
-ttyO0::askfirst:/bin/ash --login
-ttyO2::askfirst:/bin/ash --login
-tty1::askfirst:/bin/ash --login
+ttyO0::askfirst:/sbin/login_wrapper
+ttyO2::askfirst:/sbin/login_wrapper
+tty1::askfirst:/sbin/login_wrapper
diff --git a/target/linux/omap24xx/base-files/etc/inittab b/target/linux/omap24xx/base-files/etc/inittab
index 1360dc9..928f76f 100644
--- a/target/linux/omap24xx/base-files/etc/inittab
+++ b/target/linux/omap24xx/base-files/etc/inittab
@@ -1,5 +1,5 @@
::sysinit:/etc/init.d/rcS S boot
::shutdown:/etc/init.d/rcS K shutdown
-tts/0::askfirst:/bin/ash --login
-ttyO2::askfirst:/bin/ash --login
-tty1::askfirst:/bin/ash --login
+tts/0::askfirst:/sbin/login_wrapper
+ttyO2::askfirst:/sbin/login_wrapper
+tty1::askfirst:/sbin/login_wrapper
diff --git a/target/linux/ppc44x/base-files/etc/inittab b/target/linux/ppc44x/base-files/etc/inittab
index 67c36a6..6064459 100644
--- a/target/linux/ppc44x/base-files/etc/inittab
+++ b/target/linux/ppc44x/base-files/etc/inittab
@@ -1,4 +1,4 @@
::sysinit:/etc/init.d/rcS S boot
::shutdown:/etc/init.d/rcS K shutdown
-ttyS0::askfirst:/bin/ash --login
-ttyS1::askfirst:/bin/ash --login
+ttyS0::askfirst:/sbin/login_wrapper
+ttyS1::askfirst:/sbin/login_wrapper
diff --git a/target/linux/ramips/base-files/etc/inittab b/target/linux/ramips/base-files/etc/inittab
index 7817185..46372f6 100644
--- a/target/linux/ramips/base-files/etc/inittab
+++ b/target/linux/ramips/base-files/etc/inittab
@@ -1,3 +1,3 @@
::sysinit:/etc/init.d/rcS S boot
::shutdown:/etc/init.d/rcS K shutdown
-::askconsole:/bin/ash --login
+::askconsole:/sbin/login_wrapper
diff --git a/target/linux/realview/base-files/etc/inittab b/target/linux/realview/base-files/etc/inittab
index d9d571e..d3c1fbb 100644
--- a/target/linux/realview/base-files/etc/inittab
+++ b/target/linux/realview/base-files/etc/inittab
@@ -1,5 +1,5 @@
::sysinit:/etc/init.d/rcS S boot
::shutdown:/etc/init.d/rcS K shutdown
-tts/0::askfirst:/bin/ash --login
-ttyAMA0::askfirst:/bin/ash --login
-tty1::askfirst:/bin/ash --login
+tts/0::askfirst:/sbin/login_wrapper
+ttyAMA0::askfirst:/sbin/login_wrapper
+tty1::askfirst:/sbin/login_wrapper
diff --git a/target/linux/sunxi/base-files/etc/inittab b/target/linux/sunxi/base-files/etc/inittab
index e9de30b..5e328d3 100644
--- a/target/linux/sunxi/base-files/etc/inittab
+++ b/target/linux/sunxi/base-files/etc/inittab
@@ -1,5 +1,5 @@
::sysinit:/etc/init.d/rcS S boot
::shutdown:/etc/init.d/rcS K shutdown
-tts/0::askfirst:/bin/ash --login
-ttyS0::askfirst:/bin/ash --login
-tty1::askfirst:/bin/ash --login
+tts/0::askfirst:/sbin/login_wrapper
+ttyS0::askfirst:/sbin/login_wrapper
+tty1::askfirst:/sbin/login_wrapper
diff --git a/target/linux/x86/base-files/etc/inittab b/target/linux/x86/base-files/etc/inittab
index ca90fd8..1dc0227 100644
--- a/target/linux/x86/base-files/etc/inittab
+++ b/target/linux/x86/base-files/etc/inittab
@@ -1,4 +1,4 @@
::sysinit:/etc/init.d/rcS S boot
::shutdown:/etc/init.d/rcS K shutdown
-ttyS0::askfirst:/bin/ash --login
-tty1::askfirst:/bin/ash --login
+ttyS0::askfirst:/sbin/login_wrapper
+tty1::askfirst:/sbin/login_wrapper
diff --git a/target/linux/x86/xen_domu/base-files/etc/inittab b/target/linux/x86/xen_domu/base-files/etc/inittab
index 469b8a9..93881fa 100644
--- a/target/linux/x86/xen_domu/base-files/etc/inittab
+++ b/target/linux/x86/xen_domu/base-files/etc/inittab
@@ -1,5 +1,5 @@
::sysinit:/etc/init.d/rcS S boot
::shutdown:/etc/init.d/rcS K stop
-tts/0::askfirst:/bin/ash --login
-hvc0::askfirst:/bin/ash --login
-tty1::askfirst:/bin/ash --login
+tts/0::askfirst:/sbin/login_wrapper
+hvc0::askfirst:/sbin/login_wrapper
+tty1::askfirst:/sbin/login_wrapper
--
2.4.3