From: Daniel Dickinson <open...@daniel.thecshore.com>

Failsafe mode, while convenient for development and experimentation,
can reasonably be considered a major security loophole (by giving an
easy way to gain passwordless root access to the device), therefore
we add the ability to build images with failsafe mode disabled, either
through a compile-time option or through an image generation-time
option (passing NOFAILSAFE=1 on the make command line when generating
an image either through buildroot or through imagebuilder).

Signed-off-by: Daniel Dickinson <open...@daniel.thecshore.com>
---
 include/image.mk                                   |  1 +
 package/base-files/Makefile                        |  1 +
 .../files/lib/preinit/10_indicate_failsafe         |  3 +++
 .../base-files/files/lib/preinit/30_failsafe_wait  | 24 ++++++++++++++--------
 .../files/lib/preinit/40_run_failsafe_hook         |  3 +++
 package/base-files/image-config.in                 | 19 +++++++++++++----
 target/imagebuilder/files/Makefile                 |  3 ++-
 7 files changed, 41 insertions(+), 13 deletions(-)

diff --git a/include/image.mk b/include/image.mk
index 5413481..2528094 100644
--- a/include/image.mk
+++ b/include/image.mk
@@ -278,6 +278,7 @@ define Image/mkfs/prepare/default
        chmod 1777 $(TARGET_DIR)/tmp
        mkdir -p $(TARGET_DIR)/lib/preinit
        $(if $(PASSWORDLESS_CONSOLE),touch 
$(TARGET_DIR)/lib/preinit/zz_passwordless_console)
+       $(if $(NOFAILSAFE),echo 'pi_preinit_no_failsafe=y' 
>>$(TARGET_DIR)/lib/preinit/00_preinit.conf)
 endef
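Review bot: The added `$(if $(NOFAILSAFE),…)` treats any non-empty value as a request to disable failsafe, so `NOFAILSAFE=0` disables it exactly like `NOFAILSAFE=1`; that mirrors the `PASSWORDLESS_CONSOLE` line above it, but the imagebuilder help text only shows `=1`. If `0` should mean "keep failsafe", test `$(filter-out 0,$(NOFAILSAFE))` instead; otherwise state the any-non-empty semantic in the help line. This `echo >>` also appends to a file that, per the base-files hunk, already carries `pi_preinit_no_failsafe=""` when the Kconfig option is off, and the override only works because the later assignment wins when 00_preinit.conf is sourced; that ordering assumption deserves a comment such as `# appended after base-files' ImageConfigOptions line: the last assignment wins when 00_preinit.conf is sourced`, assuming ImageConfigOptions does run before this prepare step, which is not visible here.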
 
 define Image/mkfs/prepare
diff --git a/package/base-files/Makefile b/package/base-files/Makefile
index bf32f63..0b0d5af 100644
--- a/package/base-files/Makefile
+++ b/package/base-files/Makefile
@@ -80,6 +80,7 @@ define ImageConfigOptions
        echo 'pi_broadcast=$(if 
$(CONFIG_TARGET_PREINIT_BROADCAST),$(CONFIG_TARGET_PREINIT_BROADCAST),"192.168.1.255")'
 >>$(1)/lib/preinit/00_preinit.conf
        echo 'pi_preinit_net_messages="$(CONFIG_TARGET_PREINIT_SHOW_NETMSG)"' 
>>$(1)/lib/preinit/00_preinit.conf
        echo 
'pi_preinit_no_failsafe_netmsg="$(CONFIG_TARGET_PREINIT_SUPPRESS_FAILSAFE_NETMSG)"'
 >>$(1)/lib/preinit/00_preinit.conf
+       echo 
'pi_preinit_no_failsafe="$(CONFIG_TARGET_PREINIT_DISABLE_FAILSAFE)"' 
>>$(1)/lib/preinit/00_preinit.conf
 endef
 endif
 
diff --git a/package/base-files/files/lib/preinit/10_indicate_failsafe 
b/package/base-files/files/lib/preinit/10_indicate_failsafe
index 6afae41..da8ef18 100644
--- a/package/base-files/files/lib/preinit/10_indicate_failsafe
+++ b/package/base-files/files/lib/preinit/10_indicate_failsafe
@@ -9,6 +9,9 @@ indicate_failsafe_led () {
 }
 
 indicate_failsafe() {
+       if [ "$pi_preinit_no_failsafe" = "y" ]; then
+               return
+       fi
        echo "- failsafe -"
        preinit_net_echo "Entering Failsafe!\n"
        indicate_failsafe_led
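Review bot: The early return added to indicate_failsafe is redundant with the 30_failsafe_wait change, which never sets FAILSAFE when `pi_preinit_no_failsafe` is `y`, so a reader will wonder whether this branch is reachable; a one-line comment would settle it, e.g. `# defence in depth: failsafe_wait never selects failsafe when it is disabled, but never announce it either`. The identical guard added in 40_run_failsafe_hook deserves the same comment. indicate_failsafe's body continues past the hunk, and whether its callers already check FAILSAFE is not visible here.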
diff --git a/package/base-files/files/lib/preinit/30_failsafe_wait 
b/package/base-files/files/lib/preinit/30_failsafe_wait
index 3d69baf..514bab4 100644
--- a/package/base-files/files/lib/preinit/30_failsafe_wait
+++ b/package/base-files/files/lib/preinit/30_failsafe_wait
@@ -39,7 +39,9 @@ fs_wait_for_key () {
                rm -f $keypress_wait
        } &
 
-       echo "Press the [$1] key and hit [enter] $2"
+       if [ "$pi_preinit_no_failsafe" != "y" ]; then
+               echo "Press the [$1] key and hit [enter] $2"
+       fi
        echo "Press the [1], [2], [3] or [4] key and hit [enter] to select the 
debug level"
        # if we're on the console we wait for input
        {
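Review bot: fs_wait_for_key now consults the global `pi_preinit_no_failsafe` to decide whether to print its own prompt, although the caller in failsafe_wait already passes an empty key for the disabled case; testing the argument keeps the helper self-contained: `if [ -n "$1" ]; then` / `echo "Press the [$1] key and hit [enter] $2"` / `fi`. The rest of fs_wait_for_key, including the code that compares the typed key against `$1`, lies outside the hunk, so it should be confirmed that an empty `$1` cannot be matched by a bare [enter]; the current caller ignores the return value in that case, but a future caller might not.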
@@ -82,14 +84,20 @@ fs_wait_for_key () {
 
 failsafe_wait() {
        FAILSAFE=
-       grep -q 'failsafe=' /proc/cmdline && FAILSAFE=true && export FAILSAFE
+       if [ "$pi_preinit_no_failsafe" != "y" ]; then
+               grep -q 'failsafe=' /proc/cmdline && FAILSAFE=true && export 
FAILSAFE
+       fi
        if [ "$FAILSAFE" != "true" ]; then
-               pi_failsafe_net_message=true
-               preinit_net_echo "Please press button now to enter failsafe"
-               pi_failsafe_net_message=false
-               fs_wait_for_key f 'to enter failsafe mode' 
$fs_failsafe_wait_timeout && FAILSAFE=true
-               [ -f "/tmp/failsafe_button" ] && FAILSAFE=true && echo "- 
failsafe button "`cat /tmp/failsafe_button`" was pressed -"
-               [ "$FAILSAFE" = "true" ] && export FAILSAFE && touch 
/tmp/failsafe
+               if [ "$pi_preinit_no_failsafe" != "y" ]; then
+                       pi_failsafe_net_message=true
+                       preinit_net_echo "Please press button now to enter 
failsafe"
+                       pi_failsafe_net_message=false
+                       fs_wait_for_key f 'to enter failsafe mode' 
$fs_failsafe_wait_timeout && FAILSAFE=true
+                       [ -f "/tmp/failsafe_button" ] && FAILSAFE=true && echo 
"- failsafe button "`cat /tmp/failsafe_button`" was pressed -"
+                       [ "$FAILSAFE" = "true" ] && export FAILSAFE && touch 
/tmp/failsafe
+               else
+                       fs_wait_for_key "" "" $fs_failsafe_wait_timeout
+               fi
        fi
 }
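Review bot: failsafe_wait tests `$pi_preinit_no_failsafe` twice and nests the original body one level deeper, which makes the disabled path hard to follow; handling the disabled case first with an early return leaves the original logic unindented and unchanged. FAILSAFE stays empty and unexported on that path, so the observable behaviour is the same as in this hunk. The `/tmp/failsafe_button` check is correctly inside the guard, so a button press during boot cannot re-enable failsafe.
```sh
failsafe_wait() {
	FAILSAFE=
	# failsafe disabled at build/image time: keep the debug-level prompt,
	# but never consult the kernel command line or the failsafe button
	if [ "$pi_preinit_no_failsafe" = "y" ]; then
		fs_wait_for_key "" "" $fs_failsafe_wait_timeout
		return
	fi
	grep -q 'failsafe=' /proc/cmdline && FAILSAFE=true && export FAILSAFE
	if [ "$FAILSAFE" != "true" ]; then
		# … unchanged: net message, key wait, button check, export …
	fi
}
```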
 
diff --git a/package/base-files/files/lib/preinit/40_run_failsafe_hook 
b/package/base-files/files/lib/preinit/40_run_failsafe_hook
index cb43ad3..9afa33f 100644
--- a/package/base-files/files/lib/preinit/40_run_failsafe_hook
+++ b/package/base-files/files/lib/preinit/40_run_failsafe_hook
@@ -3,6 +3,9 @@
 # Copyright (C) 2010 Vertical Communications
 
 run_failsafe_hook() {
+    if [ "$pi_preinit_no_failsafe" = "y" ]; then
+       return
+    fi
     if [ "$FAILSAFE" = "true" ]; then
        boot_run_hook failsafe
        lock -w /tmp/.failsafe
diff --git a/package/base-files/image-config.in 
b/package/base-files/image-config.in
index 3dfbedc..cec9f52 100644
--- a/package/base-files/image-config.in
+++ b/package/base-files/image-config.in
@@ -24,13 +24,24 @@ config TARGET_PREINIT_SUPPRESS_STDERR
                the ash shell launched by inittab will display stderr).  That's
                the same behaviour as seen in previous version of OpenWrt.
 
+config TARGET_PREINIT_DISABLE_FAILSAFE
+       bool
+       prompt "Disable failsafe" if PREINITOPT
+       default n
+       help
+               Disable failsafe mode.  While it is very handy while
+               experimenting or developing it really ought to be
+               disabled in production environments as it is a major
+               security loophole.
+
 config TARGET_PREINIT_TIMEOUT
        int
-       prompt "Failsafe wait timeout" if PREINITOPT
+       prompt "Failsafe/Debug wait timeout" if PREINITOPT
        default 2
        help
-               How long to wait for failsafe mode to be entered before
-               continuing with a regular boot if failsafe not selected.
+               How long to wait for failsafe mode to be entered or for
+               a debug option to be pressed before continuing with a 
+               regular boot.
 
 config TARGET_PREINIT_SHOW_NETMSG
        bool
@@ -45,7 +56,7 @@ config TARGET_PREINIT_SHOW_NETMSG
 
 config TARGET_PREINIT_SUPPRESS_FAILSAFE_NETMSG
        bool
-       prompt "Suppress network message indicating failsafe" if PREINITOPT
+       prompt "Suppress network message indicating failsafe" if ( PREINITOPT 
&& !TARGET_PREINIT_SHOW_NETMSG && !TARGET_PREINIT_DISABLE_FAILSAFE )
        default n
        help
                If "Show all preinit network messages" above is not set, then
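Review bot: The new prompt condition also adds `!TARGET_PREINIT_SHOW_NETMSG`, which is unrelated to disabling failsafe and changes when the suppress-netmsg prompt is offered at all; it agrees with the help text below ("If … is not set"), but it belongs in the commit message or in a separate change. When the prompt is hidden by `TARGET_PREINIT_DISABLE_FAILSAFE` the symbol falls back to `default n` (Kconfig discards the saved value of a symbol whose prompt is not visible), which is harmless only because indicate_failsafe now returns early. The `TARGET_PREINIT_DISABLE_FAILSAFE` help in the previous hunk should also tell the reader that the imagebuilder override disables failsafe regardless of this option, e.g. append `Failsafe can also be disabled at image generation time with NOFAILSAFE=1.`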
diff --git a/target/imagebuilder/files/Makefile 
b/target/imagebuilder/files/Makefile
index 64e55e2..f9838cf 100644
--- a/target/imagebuilder/files/Makefile
+++ b/target/imagebuilder/files/Makefile
@@ -44,6 +44,7 @@ Building images:
        make image FILES="<path>" # include extra files from <path>
        make image BIN_DIR="<path>" # alternative output directory for the 
images
        make image PASSWORDLESS_CONSOLE=1 # Disable requiring login prompt to 
get console shell
+       make image NOFAILSAFE=1 # Disable failsafe mode
 endef
 $(eval $(call shexport,Helptext))
 
@@ -174,7 +175,7 @@ package_postinst: FORCE
 build_image: FORCE
        @echo
        @echo Building images...
-       $(NO_TRACE_MAKE) -C target/linux/$(BOARD)/image install TARGET_BUILD=1 
IB=1 PASSWORDLESS_CONSOLE="$(PASSWORDLESS_CONSOLE)" \
+       $(NO_TRACE_MAKE) -C target/linux/$(BOARD)/image install TARGET_BUILD=1 
IB=1 PASSWORDLESS_CONSOLE="$(PASSWORDLESS_CONSOLE)" NOFAILSAFE="$(NOFAILSAFE)" \
                $(if $(USER_PROFILE),PROFILE="$(USER_PROFILE)")
 
 clean:
-- 
2.4.3