Hi Imre,
On 23/12/15 07:05 AM, Imre Kaloz wrote:
Hi Daniel,
On Wed, 23 Dec 2015 07:58:59 +0100, Daniel Dickinson
<[email protected]> wrote:
I am reworking this (requiring console login) as couple of packages
for the packages feed, although it may require an image.mk or packages
Makefile hook in order to embed an appropriate inittab into the image
(since the inittab will need to be modified and we need to guarantee
the correct order of actions; and inittab comes from base-files which
is last thing done in the packages Makefile).
I hope the other devs will chime in, but FWIW I would make this enabled
unconditionally across all targets. As we already have a way to do a
"factory reset" using the reset button, IMHO failsafe should also
enforce login passwords everywhere, including the serial console.
At the present time it is actually not possible to using /bin/login from
within the preinit context and therefore making passwords required
during failsafe is not currently possible.
There are two problems:
The first issue is that others have pointed out, using passwords not
embedded in the squashfs would require using mount_root, but one of the
objectives of failsafe is to provide a why to recover when mount_root
produces bad behaviour or just doesn't work.
The second (well and third) is that /bin/login issues vhangup (to
prevent password sniffing) but that means any surrounding shell loses
the tty and exits. The only way around that issue (in failsafe) is exec
/bin/login BUT preinit is 'the' init which means login replaces init and
it is impossible for commands like mount_root to execute because they
depend on being able to talk to the actual init not something that has
exec'd init and isn't listening for them.
Basically failsafe/preinit is operating single user mode and that really
limits what you can do to work around the issue. If you added getty
into the mix it might be possible make failsafe use login, but that's
work for another day.
Regards,
Daniel
_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
