This patch set implements a new feature which, when enabled, makes su reject blank passwords unless the user is on a secure TTY defined in /etc/securetty. This resembles the default PAM configuration of some Linux distros which specify the nullok_secure option for pam_unix.so.

function                                             old     new   delta
check_securetty                                        -     117    +117
su_main                                              547     564     +17
sulogin_main                                         362     367      +5
ask_and_check_password                                12      17      +5
ask_and_check_password_extended                       99     102      +3
login_main                                          1311    1182    -129
------------------------------------------------------------------------------
(add/remove: 2/0 grow/shrink: 4/1 up/down: 147/-129)           Total: 18 bytes

Kaarle Ritvanen (3):
  login: move check_securetty to libbb
  libbb: allow_blank argument for ask_and_check_password_extended()
  su: FEATURE_SU_NULLOK_SECURE

 include/libbb.h          |  3 ++-
 libbb/Kbuild.src         |  1 +
 libbb/correct_password.c |  6 +++---
 libbb/securetty.c        | 27 +++++++++++++++++++++++++++
 loginutils/login.c       | 19 -------------------
 loginutils/su.c          | 18 +++++++++++++-----
 loginutils/sulogin.c     |  2 +-
 7 files changed, 47 insertions(+), 29 deletions(-)
 create mode 100644 libbb/securetty.c

-- 
2.5.0
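The policy described in the cover letter above (a blank password is honoured only on a terminal listed in /etc/securetty), as an added example that is not part of the original post and is not BusyBox code. The function names, the constructed sample contents, and the choice to refuse when the file is missing are assumptions of this sketch.

```c
/* Added illustration, not BusyBox code; all names here are hypothetical. */
#include <stdio.h>
#include <string.h>

/* Return 1 if tty is listed in securetty-format text: one terminal name
 * per line without the /dev/ prefix; '#' starts a comment. */
static int tty_listed(const char *text, const char *tty)
{
	if (strncmp(tty, "/dev/", 5) == 0)
		tty += 5;                /* entries omit the /dev/ prefix */
	size_t want = strlen(tty);
	if (want == 0)
		return 0;
	while (*text) {
		const char *eol = strchr(text, '\n');
		size_t len = eol ? (size_t)(eol - text) : strlen(text);
		const char *hash = memchr(text, '#', len);
		const char *p = text, *end = hash ? hash : text + len;
		while (p < end && (*p == ' ' || *p == '\t'))
			p++;
		while (end > p && strchr(" \t\r", end[-1]))
			end--;
		/* Exact match only: "tty1" must not authorise "tty10". */
		if ((size_t)(end - p) == want && memcmp(p, tty, want) == 0)
			return 1;
		text += len + (eol ? 1 : 0);
	}
	return 0;
}

/* Assumed policy: a blank password is accepted only on a listed terminal;
 * a missing file (NULL text) or unknown terminal (NULL tty) is refused. */
static int blank_password_permitted(const char *securetty_text, const char *tty)
{
	if (!securetty_text || !tty)
		return 0;
	return tty_listed(securetty_text, tty);
}
/* Constructed sample file contents, not taken from any real system. */
static const char SAMPLE[] = "# local consoles\nconsole\ntty1  # first VT\n#ttyS0\n";
int main(void)
{
	const char *ttys[] = { "/dev/tty1", "tty10", "ttyS0", "pts/0" };
	for (size_t i = 0; i < sizeof ttys / sizeof ttys[0]; i++)
		printf("%-10s blank password %s\n", ttys[i],
		       blank_password_permitted(SAMPLE, ttys[i]) ? "accepted" : "rejected");
	return 0;
}
```

The commented-out `#ttyS0` entry and the `tty10` lookup are the cases worth checking in any real securetty parser: a prefix or substring match would silently widen the set of terminals on which a blank password works.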
