Its not a security risk, there is no passwords in android and busybox is not suid... so only root can do it.
Also selinux has rules to prevent this kind of stuff. These applets are not enabled in busybox neither but could be later. ex: login system or login media can help to debug permission problems in a service. Le 6 août 2014 15:33, "tito" <[email protected]> a écrit : > On Wednesday 06 August 2014 13:58:31 Tanguy Pruvot wrote: > > Here is my final commit about getpwnam (and getpwuid) > > > > > https://github.com/CyanogenMod/android_external_busybox/commit/d8482dbecc75c8a94bd15a02fa8844cfea91e6d2 > > Hi, > just out of curiosity why are you returning an empty passwd field? > > Isn't it a sort of security risk, shoudn't it be better change it to "x" > > I rember the null passwd field was a problem when I hacked on the HTC dream > and dropbear if set up for password authentication and linked with bionic > allowed root access by simply hitting enter. > > There must a bug report on the cyanogenmod bugzilla about it. > > Rather than patching busybox and every other app you port wouldn't it > be easier to patch bionic directly to return always "x" in the passwd > field as > android as far as i know doesn't use passwords. > > Ciao, > Tito > > > maybe the "_r" functions should be used... > > http://unixhelp.ed.ac.uk/CGI/man-cgi?getpwuid+3 > > > > > > 2014-08-06 12:19 GMT+02:00 Morten Kvistgaard <[email protected]>: > > > > > The authentication works great now. And with code from libbb, nice. But > > > the change_identity function is conflicting with the chroot. > > > Even if you reorder the sequence, the change_identity is still > conflicting > > > somehow. I have to study it some more, before I can suggest a solution. > > > (Besides removing change_identity). > > > > > > > > > > -----Original Message----- > > > > From: Denys Vlasenko [mailto:[email protected]] > > > > Sent: 5. august 2014 22:00 > > > > To: Morten Kvistgaard > > > > Cc: [email protected] > > > > Subject: Re: ftpd authentication > > > > > > > > On Mon, Aug 4, 2014 at 12:38 PM, Morten Kvistgaard <MK@pch- > > > > engineering.dk> wrote: > > > > > I've attached a patch for adding basic authentication to the ftpd. > > > > > > > > > > This used to work with version 1.21.1. And walter harms tested it > with > > > > 1.22.1. And it worked with trunk 3 months ago. > > > > > > > > > > It doesn't seem to work with the current trunk though? > > > > > > > > > > The difference lies with "getpwnam" I think. (It's returning NULL > on > > > > > my Ubuntu.) > > > > > > > > getpwnam will not be very happy in chroot. > > > > > > > > I fixed that, and also added actual change of user identity, and > > > refactored > > > > password check to not duplicate code. > > > > > > > > Applied to git, please try it now. > > > > For example, I'm curious whether people who want _anon_ ftp are > unhappy > > > > now.... > > > > > > > > > > > > -- > > > This message has been scanned for viruses and dangerous content by > CronLab > > > (www.cronlab.com), and is believed to be clean. > > > > _______________________________________________ > busybox mailing list > [email protected] > http://lists.busybox.net/mailman/listinfo/busybox >
_______________________________________________ busybox mailing list [email protected] http://lists.busybox.net/mailman/listinfo/busybox
