While we’re at it, should we also remove the dangerous items from debug-tweaks and require them to be enabled explicitly?
Alex On Tue 5. Nov 2024 at 20.49, Ross Burton via lists.openembedded.org <[email protected]> wrote: > debug-tweaks is vague and doesn't give any indication that the root user > can login over SSH without a password. This behaviour is incredibly > dangerous if used unwittingly, so discourage it by using the underlying > features explicitly to spell out exactly what is being done. > > This is not the complete set of features that debug-tweaks enables, > but I don't think we need to enable serial-autologin-root or > post-install-logging by default. > > Signed-off-by: Ross Burton <[email protected]> > --- > meta-poky/conf/templates/default/local.conf.sample | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/meta-poky/conf/templates/default/local.conf.sample > b/meta-poky/conf/templates/default/local.conf.sample > index 72d35662940..cfa77106ab3 100644 > --- a/meta-poky/conf/templates/default/local.conf.sample > +++ b/meta-poky/conf/templates/default/local.conf.sample > @@ -145,8 +145,8 @@ DISTRO ?= "poky" > # There are other application targets that can be used here too, see > # meta/classes-recipe/image.bbclass and > # meta/classes-recipe/core-image.bbclass for more details. > -# We default to enabling the debugging tweaks. > -EXTRA_IMAGE_FEATURES ?= "debug-tweaks" > +# We default to allowing root login without a password for convenience. > +EXTRA_IMAGE_FEATURES ?= "allow-empty-password empty-root-password > allow-root-login" > > # > # Additional image features > -- > 2.34.1 > > > > >
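Review bot: The replacement comment above the `EXTRA_IMAGE_FEATURES` line says only "allowing root login without a password for convenience", which does not tell the reader that this includes login over SSH, the exposure the commit message singles out as dangerous. Consider spelling that out in the sample itself, for example `# We default to allowing passwordless root login, including over SSH. Remove this for anything other than a development image.`, so the risk is visible in local.conf.sample without reading the commit log. The commit message also states that serial-autologin-root and post-install-logging are no longer enabled by this default; since that changes behaviour for anyone starting from the template, it is worth a short mention in the comment or in the release notes.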
