[OpenWrt-Devel] [PATCH] base-files image: Require login even on console (including failsafe)
Daniel Dickinson
openwrt at daniel.thecshore.com
Thu Dec 24 01:40:42 EST 2015
I just noticed why failsafe was mounting root - I accidentally deleted
the failsafe lock which blocks until login session is complete.
Fixing now.
On 24/12/15 01:31 AM, openwrt at daniel.thecshore.com wrote:
> From: Daniel Dickinson <openwrt at daniel.thecshore.com>
>
> Passwordless root login is undesirable by default
> on any platform, therefore make requiring a login to
> gain root (or any other user) even on hardware console
> the default. This is an opt-out option that can be
> disabled at image generation time by passing the
> variable PASSWORDLESS_CONSOLE=1 on the make command
> line or by otherwise making sure the file
> /lib/preinit/zz_passwordless_console exists.
>
> Signed-off-by: Daniel Dickinson <openwrt at daniel.thecshore.com>
> ---
> include/image.mk | 2 ++
> package/base-files/files/etc/inittab | 2 +-
> package/base-files/files/lib/preinit/99_10_failsafe_login | 3 +--
> package/base-files/files/sbin/login_wrapper | 8 ++++++++
> package/utils/busybox/Config-defaults.in | 4 ++--
> target/imagebuilder/files/Makefile | 4 ++--
> target/linux/adm5120/base-files/etc/inittab | 6 +++---
> target/linux/ar71xx/base-files/etc/inittab | 2 +-
> target/linux/arm64/base-files/etc/inittab | 6 +++---
> target/linux/brcm2708/base-files/etc/inittab | 4 ++--
> target/linux/ipq806x/base-files/etc/inittab | 2 +-
> target/linux/malta/base-files/etc/inittab | 10 +++++-----
> target/linux/mediatek/base-files/etc/inittab | 2 +-
> target/linux/mxs/base-files/etc/inittab | 2 +-
> target/linux/omap/base-files/etc/inittab | 6 +++---
> target/linux/omap24xx/base-files/etc/inittab | 6 +++---
> target/linux/ppc44x/base-files/etc/inittab | 4 ++--
> target/linux/ramips/base-files/etc/inittab | 2 +-
> target/linux/realview/base-files/etc/inittab | 6 +++---
> target/linux/sunxi/base-files/etc/inittab | 6 +++---
> target/linux/x86/base-files/etc/inittab | 4 ++--
> target/linux/x86/xen_domu/base-files/etc/inittab | 6 +++---
> 22 files changed, 53 insertions(+), 44 deletions(-)
> create mode 100755 package/base-files/files/sbin/login_wrapper
>
> diff --git a/include/image.mk b/include/image.mk
> index 1522dd7..5413481 100644
> --- a/include/image.mk
> +++ b/include/image.mk
> @@ -276,6 +276,8 @@ define Image/mkfs/prepare/default
> - $(FIND) $(TARGET_DIR) -type d -print0 | $(XARGS) -0 chmod u+rwx,g+rx,o+rx
> $(INSTALL_DIR) $(TARGET_DIR)/tmp $(TARGET_DIR)/overlay
> chmod 1777 $(TARGET_DIR)/tmp
> + mkdir -p $(TARGET_DIR)/lib/preinit
> + $(if $(PASSWORDLESS_CONSOLE),touch $(TARGET_DIR)/lib/preinit/zz_passwordless_console)
> endef
>
> define Image/mkfs/prepare
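Review bot: The added `$(if $(PASSWORDLESS_CONSOLE),touch …)` line treats any non-empty value as a request to drop the login requirement, so `PASSWORDLESS_CONSOLE=0` or `=n` would still create `/lib/preinit/zz_passwordless_console` and produce an image with an unauthenticated console. Since the commit message documents only `=1`, match that value explicitly: `$(if $(filter 1,$(PASSWORDLESS_CONSOLE)),touch $(TARGET_DIR)/lib/preinit/zz_passwordless_console)`. The imagebuilder Makefile hunk forwards the variable verbatim, so it inherits the same behaviour. `Image/mkfs/prepare/default` begins above this hunk.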
> diff --git a/package/base-files/files/etc/inittab b/package/base-files/files/etc/inittab
> index 7817185..46372f6 100644
> --- a/package/base-files/files/etc/inittab
> +++ b/package/base-files/files/etc/inittab
> @@ -1,3 +1,3 @@
> ::sysinit:/etc/init.d/rcS S boot
> ::shutdown:/etc/init.d/rcS K shutdown
> -::askconsole:/bin/ash --login
> +::askconsole:/sbin/login_wrapper
> diff --git a/package/base-files/files/lib/preinit/99_10_failsafe_login b/package/base-files/files/lib/preinit/99_10_failsafe_login
> index b12e317..4319668 100644
> --- a/package/base-files/files/lib/preinit/99_10_failsafe_login
> +++ b/package/base-files/files/lib/preinit/99_10_failsafe_login
> @@ -8,8 +8,7 @@ failsafe_netlogin () {
> }
>
> failsafe_shell() {
> - lock /tmp/.failsafe
> - ash --login
> + /sbin/login_wrapper
> echo "Please reboot system when done with failsafe network logins"
> }
>
> diff --git a/package/base-files/files/sbin/login_wrapper b/package/base-files/files/sbin/login_wrapper
> new file mode 100755
> index 0000000..874d378
> --- /dev/null
> +++ b/package/base-files/files/sbin/login_wrapper
> @@ -0,0 +1,8 @@
> +#!/bin/sh
> +
> +if [ -r /lib/preinit/zz_passwordless_console ]; then
> + exec /bin/ash --login
> +fi
> +
> +exec /bin/login
> +
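Review bot: `exec /bin/login` enforces a password only for accounts that have one, because BusyBox login accepts an account with an empty shadow password field without prompting. The default password files are not part of this patch, but if the image ships root without a password, the console and failsafe paths presumably still give a root shell after a user name is typed. That is worth stating in the script, e.g. `# /bin/login only asks for a password once the account has one; set a root password to actually protect the console.`, and in the commit message. The script also lacks a header comment saying that the marker file is created at image build time by `PASSWORDLESS_CONSOLE=1`, which would help anyone who finds the file on a device.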
> diff --git a/package/utils/busybox/Config-defaults.in b/package/utils/busybox/Config-defaults.in
> index 75c5976..3ae08b1 100644
> --- a/package/utils/busybox/Config-defaults.in
> +++ b/package/utils/busybox/Config-defaults.in
> @@ -1212,10 +1212,10 @@ config BUSYBOX_DEFAULT_GETTY
> default n
> config BUSYBOX_DEFAULT_LOGIN
> bool
> - default n
> + default y
> config BUSYBOX_DEFAULT_LOGIN_SESSION_AS_CHILD
> bool
> - default n
> + default y
> config BUSYBOX_DEFAULT_LOGIN_SCRIPTS
> bool
> default n
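Review bot: Flipping `BUSYBOX_DEFAULT_LOGIN` to `y` only changes the default, while every inittab in this patch and `failsafe_shell` now run `/sbin/login_wrapper`, which ends in an unconditional `exec /bin/login`. A build with a customised BusyBox configuration that leaves login disabled would presumably get a console that cannot start a shell at all, unless the passwordless marker file is present. Consider making the dependency explicit (for example, having the package that installs `login_wrapper` require the login applet) rather than relying on the default. It would also help to say in the commit message why `LOGIN_SESSION_AS_CHILD` is enabled, since nothing visible in the patch depends on it.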
> diff --git a/target/imagebuilder/files/Makefile b/target/imagebuilder/files/Makefile
> index f612ea9..64e55e2 100644
> --- a/target/imagebuilder/files/Makefile
> +++ b/target/imagebuilder/files/Makefile
> @@ -43,7 +43,7 @@ Building images:
> make image PACKAGES="<pkg1> [<pkg2> [<pkg3> ...]]" # include extra packages
> make image FILES="<path>" # include extra files from <path>
> make image BIN_DIR="<path>" # alternative output directory for the images
> -
> + make image PASSWORDLESS_CONSOLE=1 # Disable requiring login prompt to get console shell
> endef
> $(eval $(call shexport,Helptext))
>
> @@ -174,7 +174,7 @@ package_postinst: FORCE
> build_image: FORCE
> @echo
> @echo Building images...
> - $(NO_TRACE_MAKE) -C target/linux/$(BOARD)/image install TARGET_BUILD=1 IB=1 \
> + $(NO_TRACE_MAKE) -C target/linux/$(BOARD)/image install TARGET_BUILD=1 IB=1 PASSWORDLESS_CONSOLE="$(PASSWORDLESS_CONSOLE)" \
> $(if $(USER_PROFILE),PROFILE="$(USER_PROFILE)")
>
> clean:
> diff --git a/target/linux/adm5120/base-files/etc/inittab b/target/linux/adm5120/base-files/etc/inittab
> index 9f7c0ae..760bca0 100644
> --- a/target/linux/adm5120/base-files/etc/inittab
> +++ b/target/linux/adm5120/base-files/etc/inittab
> @@ -1,5 +1,5 @@
> ::sysinit:/etc/init.d/rcS S boot
> ::shutdown:/etc/init.d/rcS K shutdown
> -tts/0::askfirst:/bin/ash --login
> -ttyAM0::askfirst:/bin/ash --login
> -tty1::askfirst:/bin/ash --login
> +tts/0::askfirst:/sbin/login_wrapper
> +ttyAM0::askfirst:/sbin/login_wrapper
> +tty1::askfirst:/sbin/login_wrapper
> diff --git a/target/linux/ar71xx/base-files/etc/inittab b/target/linux/ar71xx/base-files/etc/inittab
> index 7817185..46372f6 100644
> --- a/target/linux/ar71xx/base-files/etc/inittab
> +++ b/target/linux/ar71xx/base-files/etc/inittab
> @@ -1,3 +1,3 @@
> ::sysinit:/etc/init.d/rcS S boot
> ::shutdown:/etc/init.d/rcS K shutdown
> -::askconsole:/bin/ash --login
> +::askconsole:/sbin/login_wrapper
> diff --git a/target/linux/arm64/base-files/etc/inittab b/target/linux/arm64/base-files/etc/inittab
> index d9d571e..d3c1fbb 100644
> --- a/target/linux/arm64/base-files/etc/inittab
> +++ b/target/linux/arm64/base-files/etc/inittab
> @@ -1,5 +1,5 @@
> ::sysinit:/etc/init.d/rcS S boot
> ::shutdown:/etc/init.d/rcS K shutdown
> -tts/0::askfirst:/bin/ash --login
> -ttyAMA0::askfirst:/bin/ash --login
> -tty1::askfirst:/bin/ash --login
> +tts/0::askfirst:/sbin/login_wrapper
> +ttyAMA0::askfirst:/sbin/login_wrapper
> +tty1::askfirst:/sbin/login_wrapper
> diff --git a/target/linux/brcm2708/base-files/etc/inittab b/target/linux/brcm2708/base-files/etc/inittab
> index c05c555..0272ce5 100644
> --- a/target/linux/brcm2708/base-files/etc/inittab
> +++ b/target/linux/brcm2708/base-files/etc/inittab
> @@ -1,4 +1,4 @@
> ::sysinit:/etc/init.d/rcS S boot
> ::shutdown:/etc/init.d/rcS K shutdown
> -ttyAMA0::askfirst:/bin/ash --login
> -tty1::askfirst:/bin/ash --login
> +ttyAMA0::askfirst:/sbin/login_wrapper
> +tty1::askfirst:/sbin/login_wrapper
> diff --git a/target/linux/ipq806x/base-files/etc/inittab b/target/linux/ipq806x/base-files/etc/inittab
> index 19a6e11..3431870 100644
> --- a/target/linux/ipq806x/base-files/etc/inittab
> +++ b/target/linux/ipq806x/base-files/etc/inittab
> @@ -1,4 +1,4 @@
> # Copyright (c) 2013 The Linux Foundation. All rights reserved.
> ::sysinit:/etc/init.d/rcS S boot
> ::shutdown:/etc/init.d/rcS K shutdown
> -ttyMSM0::askfirst:/bin/ash --login
> +ttyMSM0::askfirst:/sbin/login_wrapper
> diff --git a/target/linux/malta/base-files/etc/inittab b/target/linux/malta/base-files/etc/inittab
> index 88567b2..1668e47 100644
> --- a/target/linux/malta/base-files/etc/inittab
> +++ b/target/linux/malta/base-files/etc/inittab
> @@ -1,7 +1,7 @@
> ::sysinit:/etc/init.d/rcS S boot
> ::shutdown:/etc/init.d/rcS K shutdown
> -tts/0::askfirst:/bin/ash --login
> -ttyS0::askfirst:/bin/ash --login
> -ttyS1::askfirst:/bin/ash --login
> -ttyS2::askfirst:/bin/ash --login
> -tty1::askfirst:/bin/ash --login
> +tts/0::askfirst:/sbin/login_wrapper
> +ttyS0::askfirst:/sbin/login_wrapper
> +ttyS1::askfirst:/sbin/login_wrapper
> +ttyS2::askfirst:/sbin/login_wrapper
> +tty1::askfirst:/sbin/login_wrapper
> diff --git a/target/linux/mediatek/base-files/etc/inittab b/target/linux/mediatek/base-files/etc/inittab
> index 870b3cc..49a2195 100644
> --- a/target/linux/mediatek/base-files/etc/inittab
> +++ b/target/linux/mediatek/base-files/etc/inittab
> @@ -1,3 +1,3 @@
> ::sysinit:/etc/init.d/rcS S boot
> ::shutdown:/etc/init.d/rcS K shutdown
> -ttyS0::askfirst:/bin/ash --login
> +ttyS0::askfirst:/sbin/login_wrapper
> diff --git a/target/linux/mxs/base-files/etc/inittab b/target/linux/mxs/base-files/etc/inittab
> index 09359b7..860a81d 100644
> --- a/target/linux/mxs/base-files/etc/inittab
> +++ b/target/linux/mxs/base-files/etc/inittab
> @@ -1,3 +1,3 @@
> ::sysinit:/etc/init.d/rcS S boot
> ::shutdown:/etc/init.d/rcS K shutdown
> -ttyAMA0::askfirst:/bin/ash --login
> +ttyAMA0::askfirst:/sbin/login_wrapper
> diff --git a/target/linux/omap/base-files/etc/inittab b/target/linux/omap/base-files/etc/inittab
> index 502c6f8..4df11df 100644
> --- a/target/linux/omap/base-files/etc/inittab
> +++ b/target/linux/omap/base-files/etc/inittab
> @@ -1,5 +1,5 @@
> ::sysinit:/etc/init.d/rcS S boot
> ::shutdown:/etc/init.d/rcS K shutdown
> -ttyO0::askfirst:/bin/ash --login
> -ttyO2::askfirst:/bin/ash --login
> -tty1::askfirst:/bin/ash --login
> +ttyO0::askfirst:/sbin/login_wrapper
> +ttyO2::askfirst:/sbin/login_wrapper
> +tty1::askfirst:/sbin/login_wrapper
> diff --git a/target/linux/omap24xx/base-files/etc/inittab b/target/linux/omap24xx/base-files/etc/inittab
> index 1360dc9..928f76f 100644
> --- a/target/linux/omap24xx/base-files/etc/inittab
> +++ b/target/linux/omap24xx/base-files/etc/inittab
> @@ -1,5 +1,5 @@
> ::sysinit:/etc/init.d/rcS S boot
> ::shutdown:/etc/init.d/rcS K shutdown
> -tts/0::askfirst:/bin/ash --login
> -ttyO2::askfirst:/bin/ash --login
> -tty1::askfirst:/bin/ash --login
> +tts/0::askfirst:/sbin/login_wrapper
> +ttyO2::askfirst:/sbin/login_wrapper
> +tty1::askfirst:/sbin/login_wrapper
> diff --git a/target/linux/ppc44x/base-files/etc/inittab b/target/linux/ppc44x/base-files/etc/inittab
> index 67c36a6..6064459 100644
> --- a/target/linux/ppc44x/base-files/etc/inittab
> +++ b/target/linux/ppc44x/base-files/etc/inittab
> @@ -1,4 +1,4 @@
> ::sysinit:/etc/init.d/rcS S boot
> ::shutdown:/etc/init.d/rcS K shutdown
> -ttyS0::askfirst:/bin/ash --login
> -ttyS1::askfirst:/bin/ash --login
> +ttyS0::askfirst:/sbin/login_wrapper
> +ttyS1::askfirst:/sbin/login_wrapper
> diff --git a/target/linux/ramips/base-files/etc/inittab b/target/linux/ramips/base-files/etc/inittab
> index 7817185..46372f6 100644
> --- a/target/linux/ramips/base-files/etc/inittab
> +++ b/target/linux/ramips/base-files/etc/inittab
> @@ -1,3 +1,3 @@
> ::sysinit:/etc/init.d/rcS S boot
> ::shutdown:/etc/init.d/rcS K shutdown
> -::askconsole:/bin/ash --login
> +::askconsole:/sbin/login_wrapper
> diff --git a/target/linux/realview/base-files/etc/inittab b/target/linux/realview/base-files/etc/inittab
> index d9d571e..d3c1fbb 100644
> --- a/target/linux/realview/base-files/etc/inittab
> +++ b/target/linux/realview/base-files/etc/inittab
> @@ -1,5 +1,5 @@
> ::sysinit:/etc/init.d/rcS S boot
> ::shutdown:/etc/init.d/rcS K shutdown
> -tts/0::askfirst:/bin/ash --login
> -ttyAMA0::askfirst:/bin/ash --login
> -tty1::askfirst:/bin/ash --login
> +tts/0::askfirst:/sbin/login_wrapper
> +ttyAMA0::askfirst:/sbin/login_wrapper
> +tty1::askfirst:/sbin/login_wrapper
> diff --git a/target/linux/sunxi/base-files/etc/inittab b/target/linux/sunxi/base-files/etc/inittab
> index e9de30b..5e328d3 100644
> --- a/target/linux/sunxi/base-files/etc/inittab
> +++ b/target/linux/sunxi/base-files/etc/inittab
> @@ -1,5 +1,5 @@
> ::sysinit:/etc/init.d/rcS S boot
> ::shutdown:/etc/init.d/rcS K shutdown
> -tts/0::askfirst:/bin/ash --login
> -ttyS0::askfirst:/bin/ash --login
> -tty1::askfirst:/bin/ash --login
> +tts/0::askfirst:/sbin/login_wrapper
> +ttyS0::askfirst:/sbin/login_wrapper
> +tty1::askfirst:/sbin/login_wrapper
> diff --git a/target/linux/x86/base-files/etc/inittab b/target/linux/x86/base-files/etc/inittab
> index ca90fd8..1dc0227 100644
> --- a/target/linux/x86/base-files/etc/inittab
> +++ b/target/linux/x86/base-files/etc/inittab
> @@ -1,4 +1,4 @@
> ::sysinit:/etc/init.d/rcS S boot
> ::shutdown:/etc/init.d/rcS K shutdown
> -ttyS0::askfirst:/bin/ash --login
> -tty1::askfirst:/bin/ash --login
> +ttyS0::askfirst:/sbin/login_wrapper
> +tty1::askfirst:/sbin/login_wrapper
> diff --git a/target/linux/x86/xen_domu/base-files/etc/inittab b/target/linux/x86/xen_domu/base-files/etc/inittab
> index 469b8a9..93881fa 100644
> --- a/target/linux/x86/xen_domu/base-files/etc/inittab
> +++ b/target/linux/x86/xen_domu/base-files/etc/inittab
> @@ -1,5 +1,5 @@
> ::sysinit:/etc/init.d/rcS S boot
> ::shutdown:/etc/init.d/rcS K stop
> -tts/0::askfirst:/bin/ash --login
> -hvc0::askfirst:/bin/ash --login
> -tty1::askfirst:/bin/ash --login
> +tts/0::askfirst:/sbin/login_wrapper
> +hvc0::askfirst:/sbin/login_wrapper
> +tty1::askfirst:/sbin/login_wrapper
>