On Tue, Oct 17, 2023 at 02:52:43PM +0530, Chirag Shilwant wrote: > > On 17/10/23 02:48, Andrew Davis via lists.yoctoproject.org wrote: > >I'm sure I don't have to explain why this was a bad idea.. > > Still, It will be good to have a commit message explaining it :)
It is a very obvious major security weakness and is definitely a very bad idea for an end product! But, there was never a clear definition of what meta-arago is - is it an end product distribution or simply a test environment for the BSP/SDK. This was added over 10 years ago as part of AM-SDK for ease of testing. Even though the commit does not explain it [1], we had a discussion and the security implications of sending telnet passwords in clear text were questioned. The counter-argument here is that we build "debug" images w/o root password anyway by default, so allowing password-less root logins over telnet is rather a moot point, as we already allow the same for ssh. Mayve instead of completely removing this, it should be conditional and only enabled when "debug-tweaks" is enabled in EXTRA_IMAGE_FEATURES, similar to allowing ssh root logins w/o a password. [1] https://git.yoctoproject.org/meta-arago/commit/?id=98b6209a3010e32da963a0f6f53fceebbc37f8f9 > >Signed-off-by: Andrew Davis <[email protected]> > >--- > > .../shadow/shadow-securetty_%.bbappend | 15 --------------- > > 1 file changed, 15 deletions(-) > > delete mode 100644 > > meta-arago-distro/recipes-extended/shadow/shadow-securetty_%.bbappend > > > >diff --git > >a/meta-arago-distro/recipes-extended/shadow/shadow-securetty_%.bbappend > >b/meta-arago-distro/recipes-extended/shadow/shadow-securetty_%.bbappend > >deleted file mode 100644 > >index 62999d2a..00000000 > >--- a/meta-arago-distro/recipes-extended/shadow/shadow-securetty_%.bbappend > >+++ /dev/null > >@@ -1,15 +0,0 @@ > >-PR:append = ".arago0" > >- > >-do_install:append () { > >- # Allow telnet sessions to login as root > >- securetty_file=${D}${sysconfdir}/securetty > >- > >- echo '' >> $securetty_file > >- echo '# Allow 5 telnet login' >> $securetty_file > >- echo 'pts/0' >> $securetty_file > >- echo 'pts/1' >> $securetty_file > >- echo 'pts/2' >> $securetty_file > >- echo 'pts/3' >> $securetty_file > >- echo 'pts/4' >> $securetty_file > >- > >-} -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#14942): https://lists.yoctoproject.org/g/meta-arago/message/14942 Mute This Topic: https://lists.yoctoproject.org/mt/102005945/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/meta-arago/leave/10763299/21656/89520264/xyzzy [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
