Re: [OpenWrt-Devel] [PATCH] base-files utils/busybox: Make requiring login in console default for easily accessed devices

Heinrich Schuchardt Tue, 22 Dec 2015 23:45:27 -0800

Hello Daniel,

my TP-LINK MR3020 (AR71XX, OpenWrt 15.05) uses /dev/ttyATH0 as serial
console .


I could not find this device in the getty commands of the inittab that
you create in the patch below.

I would feel more comfortable having a password verification on my
router. Shouldn't this be default on all targets?

Best regards

Heinrich Schuchardt


On 23.12.2015 07:58, Daniel Dickinson wrote:
> I am reworking this (requiring console login) as couple of packages for
> the packages feed, although it may require an image.mk or packages
> Makefile hook in order to embed an appropriate inittab into the image
> (since the inittab will need to be modified and we need to guarantee the
> correct order of actions; and inittab comes from base-files which is
> last thing done in the packages Makefile).
> 
> Regards,
> 
> Daniel
> 
> On 16/12/15 09:59 AM, [email protected] wrote:
>> From: Daniel Dickinson <[email protected]>
>>
>> Some devices like generic PC's and Raspberry Pi/Pi2 are much more
>> trivial to
>> get hardware console access than a typical router scenario and
>> therefore really
>> ought to require login even on hardware console rather than a hardware
>> console
>> granting passwordless root access.
>>
>> Since we're at it, we also make requiring login on hardware console an
>> easily configured build-time option.
>>
>> Signed-off-by: Daniel Dickinson <[email protected]>
>> ---
>>   config/Config-build.in                             | 17
>> ++++++++++++++++
>>   package/base-files/Makefile                        | 23
>> +++++++++++++++++++++-
>>   package/utils/busybox/Config-defaults.in           |  3 +++
>>   .../linux/adm5120/base-files-console/etc/inittab   |  5 +++++
>>   .../base-files-console/etc/uci-defaults/inittab    |  6 ++++++
>>   .../linux/brcm2708/base-files-console/etc/inittab  |  4 ++++
>>   .../linux/ipq806x/base-files-console/etc/inittab   |  4 ++++
>>   target/linux/lantiq/base-files-console/etc/inittab |  3 +++
>>   target/linux/malta/base-files-console/etc/inittab  |  7 +++++++
>>   .../linux/mediatek/base-files-console/etc/inittab  |  3 +++
>>   target/linux/mxs/base-files-console/etc/inittab    |  3 +++
>>   target/linux/omap/base-files-console/etc/inittab   |  5 +++++
>>   .../linux/omap24xx/base-files-console/etc/inittab  |  5 +++++
>>   target/linux/ppc44x/base-files-console/etc/inittab |  4 ++++
>>   .../linux/realview/base-files-console/etc/inittab  |  5 +++++
>>   target/linux/sunxi/base-files-console/etc/inittab  |  5 +++++
>>   target/linux/x86/base-files-console/etc/inittab    |  4 ++++
>>   17 files changed, 105 insertions(+), 1 deletion(-)
>>   create mode 100644 target/linux/adm5120/base-files-console/etc/inittab
>>   create mode 100644
>> target/linux/ar71xx/base-files-console/etc/uci-defaults/inittab
>>   create mode 100644 target/linux/brcm2708/base-files-console/etc/inittab
>>   create mode 100644 target/linux/ipq806x/base-files-console/etc/inittab
>>   create mode 100644 target/linux/lantiq/base-files-console/etc/inittab
>>   create mode 100644 target/linux/malta/base-files-console/etc/inittab
>>   create mode 100644 target/linux/mediatek/base-files-console/etc/inittab
>>   create mode 100644 target/linux/mxs/base-files-console/etc/inittab
>>   create mode 100644 target/linux/omap/base-files-console/etc/inittab
>>   create mode 100644 target/linux/omap24xx/base-files-console/etc/inittab
>>   create mode 100644 target/linux/ppc44x/base-files-console/etc/inittab
>>   create mode 100644 target/linux/realview/base-files-console/etc/inittab
>>   create mode 100644 target/linux/sunxi/base-files-console/etc/inittab
>>   create mode 100644 target/linux/x86/base-files-console/etc/inittab
>>
>> diff --git a/config/Config-build.in b/config/Config-build.in
>> index 1a35c5d..f975d45 100644
>> --- a/config/Config-build.in
>> +++ b/config/Config-build.in
>> @@ -75,6 +75,23 @@ menu "Global build settings"
>>                     encrypted and unencrypted flavours, even when the
>> encryption library
>>                     is a 'heavier' one such as OpenSSL.
>>
>> +    config CONSOLE_LOGIN
>> +        bool
>> +        prompt "Require login even on hardware/serial console"
>> +        default y if (TARGET_x86_generic || TARGET_x86_64 ||
>> TARGET_brcm2708)
>> +        default n
>> +        help
>> +          Enables Busybox applets getty and login and uses them
>> instead of default
>> +          respawn of ash on hardware/serial consoles.  This is made
>> the default for
>> +          targets which are fairly easy to gain hardware console
>> access compared to
>> +          a typical router (which generally require more electronics
>> skill or at least
>> +                  equipment that than is common except with
>> electronics enthusiasts and
>> +                  professionals).  This includes the Raspberry Pi/Pi2
>> (built in HDMI and USB
>> +          support making adding a console trivial), and *generic* x86
>> 32-bit and
>> +          64-bit systems (typically physical PCs for which it is also
>> usually trivial
>> +                  to add a keyboard and monitor without even rebooting).
>> +
>> +
>>       comment "Kernel build options"
>>
>>       source "config/Config-kernel.in"
>> diff --git a/package/base-files/Makefile b/package/base-files/Makefile
>> index 1367fa9..b4fe806 100644
>> --- a/package/base-files/Makefile
>> +++ b/package/base-files/Makefile
>> @@ -112,25 +112,46 @@ define Package/base-files/install
>>       if [ -d $(GENERIC_PLATFORM_DIR)/base-files/. ]; then \
>>           $(CP) $(GENERIC_PLATFORM_DIR)/base-files/* $(1)/; \
>>       fi
>> +    $(if $(CONFIG_CONSOLE_LOGIN),if [ -d
>> $(GENERIC_PLATFORM_DIR)/base-files-console/. ]; then \
>> +        $(CP) $(GENERIC_PLATFORM_DIR)/base-files-console/* $(1)/; \
>> +    fi)
>>       if [ -d $(PLATFORM_DIR)/base-files/. ]; then \
>>           $(CP) $(PLATFORM_DIR)/base-files/* $(1)/; \
>>       fi
>> +    $(if $(CONFIG_CONSOLE_LOGIN),if [ -d
>> $(PLATFORM_DIR)/base-files-console/. ]; then \
>> +        $(CP) $(PLATFORM_DIR)/base-files-console/* $(1)/; \
>> +    fi)
>>       if [ -d $(PLATFORM_DIR)/base-files-$(PROFILE)/. ]; then \
>>           $(CP) $(PLATFORM_DIR)/base-files-$(PROFILE)/* $(1)/; \
>>       fi
>> +    $(if $(CONFIG_CONSOLE_LOGIN),if [ -d
>> $(PLATFORM_DIR)/base-files-console-$(PROFILE)/. ]; then \
>> +        $(CP) $(PLATFORM_DIR)/base-files-console-$(PROFILE)/* $(1)/; \
>> +    fi)
>>       if [ -d $(PLATFORM_DIR)/$(PROFILE)/base-files/. ]; then \
>>           $(CP) $(PLATFORM_DIR)/$(PROFILE)/base-files/* $(1)/; \
>>       fi
>> +    $(if $(CONFIG_CONSOLE_LOGIN),if [ -d
>> $(PLATFORM_DIR)/$(PROFILE)/base-files-console/. ]; then \
>> +        $(CP) $(PLATFORM_DIR)/$(PROFILE)/base-files-console/* $(1)/; \
>> +    fi)
>>       $(if $(filter-out $(PLATFORM_DIR),$(PLATFORM_SUBDIR)), \
>>           if [ -d $(PLATFORM_SUBDIR)/base-files/. ]; then \
>>               $(CP) $(PLATFORM_SUBDIR)/base-files/* $(1)/; \
>>           fi; \
>> +        $(if $(CONFIG_CONSOLE_LOGIN),if [ -d
>> $(PLATFORM_SUBDIR)/base-files-console/. ]; then \
>> +            $(CP) $(PLATFORM_SUBDIR)/base-files-console/* $(1)/; \
>> +        fi;) \
>>           if [ -d $(PLATFORM_SUBDIR)/base-files-$(PROFILE)/. ]; then \
>>               $(CP) $(PLATFORM_SUBDIR)/base-files-$(PROFILE)/* $(1)/; \
>>           fi; \
>> +        $(if $(CONFIG_CONSOLE_LOGIN),if [ -d
>> $(PLATFORM_SUBDIR)/base-files-$(PROFILE)-console/. ]; then \
>> +            $(CP) $(PLATFORM_SUBDIR)/base-files-console-$(PROFILE)/*
>> $(1)/; \
>> +        fi;) \
>>           if [ -d $(PLATFORM_SUBDIR)/$(PROFILE)/base-files/. ]; then \
>>               $(CP) $(PLATFORM_SUBDIR)/$(PROFILE)/base-files/* $(1)/; \
>> -        fi \
>> +        fi; \
>> +        $(if $(CONFIG_CONSOLE_LOGIN),if [ -d
>> $(PLATFORM_SUBDIR)/$(PROFILE)/base-files-console/. ]; then \
>> +            $(CP) $(PLATFORM_SUBDIR)/$(PROFILE)/base-files-console/*
>> $(1)/; \
>> +        fi) \
>>       )
>>
>>       $(VERSION_SED) \
>> diff --git a/package/utils/busybox/Config-defaults.in
>> b/package/utils/busybox/Config-defaults.in
>> index 7a7b4a6..0986302 100644
>> --- a/package/utils/busybox/Config-defaults.in
>> +++ b/package/utils/busybox/Config-defaults.in
>> @@ -1210,12 +1210,15 @@ config
>> BUSYBOX_DEFAULT_FEATURE_DEL_USER_FROM_GROUP
>>       default n
>>   config BUSYBOX_DEFAULT_GETTY
>>       bool
>> +    default y if CONSOLE_LOGIN
>>       default n
>>   config BUSYBOX_DEFAULT_LOGIN
>>       bool
>> +    default y if CONSOLE_LOGIN
>>       default n
>>   config BUSYBOX_DEFAULT_LOGIN_SESSION_AS_CHILD
>>       bool
>> +    default y if CONSOLE_LOGIN
>>       default n
>>   config BUSYBOX_DEFAULT_LOGIN_SCRIPTS
>>       bool
>> diff --git a/target/linux/adm5120/base-files-console/etc/inittab
>> b/target/linux/adm5120/base-files-console/etc/inittab
>> new file mode 100644
>> index 0000000..fb677d6
>> --- /dev/null
>> +++ b/target/linux/adm5120/base-files-console/etc/inittab
>> @@ -0,0 +1,5 @@
>> +::sysinit:/etc/init.d/rcS S boot
>> +::shutdown:/etc/init.d/rcS K shutdown
>> +tts/0::respawn:/sbin/getty -L 115200 tts/0
>> +ttyAM0::respawn:/sbin/getty -L 115200 ttyAM0
>> +tty1::respawn:/sbin/getty -L 115200 tty1
>> diff --git
>> a/target/linux/ar71xx/base-files-console/etc/uci-defaults/inittab
>> b/target/linux/ar71xx/base-files-console/etc/uci-defaults/inittab
>> new file mode 100644
>> index 0000000..97a31b1
>> --- /dev/null
>> +++ b/target/linux/ar71xx/base-files-console/etc/uci-defaults/inittab
>> @@ -0,0 +1,6 @@
>> +#!/bin/sh
>> +
>> +CONSOLE="$(sed -e 's/^.*console=\(.*\),[0-9][0-9]*.*$/\1/'
>> /proc/cmdline)"
>> +SPEED="$(sed -e 's/^.*console=.*,\([0-9][0-9]*\).*$/\2/' /proc/cmdline)"
>> +sed -i -e "s/::askconsole:\/bin\/ash
>> --login/${CONSOLE:-ttyS0}::respawn:\/sbin\/getty -L ${SPEED:-115200}
>> ${CONSOLE:-ttyS0}/" /etc/inittab
>> +
>> diff --git a/target/linux/brcm2708/base-files-console/etc/inittab
>> b/target/linux/brcm2708/base-files-console/etc/inittab
>> new file mode 100644
>> index 0000000..4e62ec9
>> --- /dev/null
>> +++ b/target/linux/brcm2708/base-files-console/etc/inittab
>> @@ -0,0 +1,4 @@
>> +::sysinit:/etc/init.d/rcS S boot
>> +::shutdown:/etc/init.d/rcS K shutdown
>> +ttyAMA0::respawn:/sbin/getty -L 115200 ttyAMA0
>> +tty1::respawn:/sbin/getty -L 115200 tty1
>> diff --git a/target/linux/ipq806x/base-files-console/etc/inittab
>> b/target/linux/ipq806x/base-files-console/etc/inittab
>> new file mode 100644
>> index 0000000..3886602
>> --- /dev/null
>> +++ b/target/linux/ipq806x/base-files-console/etc/inittab
>> @@ -0,0 +1,4 @@
>> +# Copyright (c) 2013 The Linux Foundation. All rights reserved.
>> +::sysinit:/etc/init.d/rcS S boot
>> +::shutdown:/etc/init.d/rcS K shutdown
>> +ttyMSM0::respawn:/sbin/getty -L 115200 ttyMSM0
>> diff --git a/target/linux/lantiq/base-files-console/etc/inittab
>> b/target/linux/lantiq/base-files-console/etc/inittab
>> new file mode 100644
>> index 0000000..5e9d0ca
>> --- /dev/null
>> +++ b/target/linux/lantiq/base-files-console/etc/inittab
>> @@ -0,0 +1,3 @@
>> +::sysinit:/etc/init.d/rcS S boot
>> +::shutdown:/etc/init.d/rcS K stop
>> +ttyLTQ0::respawn:/sbin/getty -L 11520 ttyLTQ0
>> diff --git a/target/linux/malta/base-files-console/etc/inittab
>> b/target/linux/malta/base-files-console/etc/inittab
>> new file mode 100644
>> index 0000000..5fb3c2f
>> --- /dev/null
>> +++ b/target/linux/malta/base-files-console/etc/inittab
>> @@ -0,0 +1,7 @@
>> +::sysinit:/etc/init.d/rcS S boot
>> +::shutdown:/etc/init.d/rcS K shutdown
>> +tts/0::respawn:/sbin/getty -L 115200 tts/0
>> +ttyS0::respawn:/sbin/getty -L 115200 ttyS0
>> +ttyS1::respawn:/sbin/getty -L 115200 ttyS1
>> +ttyS2::respawn:/sbin/getty -L 115200 ttyS2
>> +tty1::respawn:/sbin/getty -L 115200 tty1
>> diff --git a/target/linux/mediatek/base-files-console/etc/inittab
>> b/target/linux/mediatek/base-files-console/etc/inittab
>> new file mode 100644
>> index 0000000..2f00c85
>> --- /dev/null
>> +++ b/target/linux/mediatek/base-files-console/etc/inittab
>> @@ -0,0 +1,3 @@
>> +::sysinit:/etc/init.d/rcS S boot
>> +::shutdown:/etc/init.d/rcS K shutdown
>> +ttyS0::respawn:/sbin/getty -L 115200 ttyS0
>> diff --git a/target/linux/mxs/base-files-console/etc/inittab
>> b/target/linux/mxs/base-files-console/etc/inittab
>> new file mode 100644
>> index 0000000..f66e29c
>> --- /dev/null
>> +++ b/target/linux/mxs/base-files-console/etc/inittab
>> @@ -0,0 +1,3 @@
>> +::sysinit:/etc/init.d/rcS S boot
>> +::shutdown:/etc/init.d/rcS K shutdown
>> +ttyAMA0::respawn:/sbin/getty -L 115200 ttyAMA0
>> diff --git a/target/linux/omap/base-files-console/etc/inittab
>> b/target/linux/omap/base-files-console/etc/inittab
>> new file mode 100644
>> index 0000000..69a7f69
>> --- /dev/null
>> +++ b/target/linux/omap/base-files-console/etc/inittab
>> @@ -0,0 +1,5 @@
>> +::sysinit:/etc/init.d/rcS S boot
>> +::shutdown:/etc/init.d/rcS K shutdown
>> +ttyO0::respawn:/sbin/getty -L 115200 ttyO0
>> +ttyO2::respawn:/sbin/getty -L 115200 ttyO2
>> +tty1::respawn:/sbin/getty -L 115200 tty1
>> diff --git a/target/linux/omap24xx/base-files-console/etc/inittab
>> b/target/linux/omap24xx/base-files-console/etc/inittab
>> new file mode 100644
>> index 0000000..bf19849
>> --- /dev/null
>> +++ b/target/linux/omap24xx/base-files-console/etc/inittab
>> @@ -0,0 +1,5 @@
>> +::sysinit:/etc/init.d/rcS S boot
>> +::shutdown:/etc/init.d/rcS K shutdown
>> +tts/0::respawn:/sbin/getty -L 115200 tts/0
>> +ttyO2::respawn:/sbin/getty -L 115200 ttyO2
>> +tty1::respawn:/sbin/getty -L 115200 tty1
>> diff --git a/target/linux/ppc44x/base-files-console/etc/inittab
>> b/target/linux/ppc44x/base-files-console/etc/inittab
>> new file mode 100644
>> index 0000000..23206fa
>> --- /dev/null
>> +++ b/target/linux/ppc44x/base-files-console/etc/inittab
>> @@ -0,0 +1,4 @@
>> +::sysinit:/etc/init.d/rcS S boot
>> +::shutdown:/etc/init.d/rcS K shutdown
>> +ttyS0::respawn:/sbin/getty -L 115200 ttyS0
>> +ttyS1::respawn:/sbin/getty -L 115200 ttyS1
>> diff --git a/target/linux/realview/base-files-console/etc/inittab
>> b/target/linux/realview/base-files-console/etc/inittab
>> new file mode 100644
>> index 0000000..a14f90f
>> --- /dev/null
>> +++ b/target/linux/realview/base-files-console/etc/inittab
>> @@ -0,0 +1,5 @@
>> +::sysinit:/etc/init.d/rcS S boot
>> +::shutdown:/etc/init.d/rcS K shutdown
>> +tts/0::respawn:/sbin/getty -L 115200 tts/0
>> +ttyAMA0::respawn:/sbin/getty -L 115200 ttyAMA0
>> +tty1::respawn:/sbin/getty -L 115200 tty1
>> diff --git a/target/linux/sunxi/base-files-console/etc/inittab
>> b/target/linux/sunxi/base-files-console/etc/inittab
>> new file mode 100644
>> index 0000000..b4c80de
>> --- /dev/null
>> +++ b/target/linux/sunxi/base-files-console/etc/inittab
>> @@ -0,0 +1,5 @@
>> +::sysinit:/etc/init.d/rcS S boot
>> +::shutdown:/etc/init.d/rcS K shutdown
>> +tts/0::respawn:/sbin/getty -L 115200 tts/0
>> +ttyS0::respawn:/sbin/getty -L 115200 ttyS0
>> +tty1::respawn:/sbin/getty -L 115200 tty1
>> diff --git a/target/linux/x86/base-files-console/etc/inittab
>> b/target/linux/x86/base-files-console/etc/inittab
>> new file mode 100644
>> index 0000000..060cd53
>> --- /dev/null
>> +++ b/target/linux/x86/base-files-console/etc/inittab
>> @@ -0,0 +1,4 @@
>> +::sysinit:/etc/init.d/rcS S boot
>> +::shutdown:/etc/init.d/rcS K shutdown
>> +ttyS0::respawn:/sbin/getty -L 115200 ttyS0
>> +tty1::respawn:/sbin/getty -L 115200 tty1
>>
> _______________________________________________
> openwrt-devel mailing list
> [email protected]
> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
> 
_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH] base-files utils/busybox: Make requiring login in console default for easily accessed devices

Reply via email to