[OE-core] [PATCH 2/3] image.bbclass: remove zap_root_password
Mark Hatle
mark.hatle at windriver.com
Tue Dec 10 15:36:28 UTC 2013
On 12/10/13, 6:15 AM, Paul Eggleton wrote:
> Hi Qi,
>
> On Tuesday 10 December 2013 17:58:51 Qi.Chen at windriver.com wrote:
>> From: Chen Qi <Qi.Chen at windriver.com>
>>
>> This function replaces the root password with '*' if 'debug-tweaks'
>> is not in IMAGE_FEATURES. As a result, if we don't have 'debug-tweaks',
>> we would be locked out of the system. That means, if the user uses a
>> bbappend file for base-passwd to set the root password, he would not be
>> able to login as root; if the user uses 'EXTRA_USERS_PARAMS' to set
>> the root password, he would still not be able to login as root.
>>
>> In a word, this function should be removed to make things work correctly.
>
> Er, unless I'm missing something about what you're adding in the other patch,
> you *cannot* simply remove this. The intentional design of the existing code
> is that having "debug-tweaks" in IMAGE_FEATURES means that you can log in as
> root with no password; but most importantly if "debug-tweaks" is not present
> you cannot log in at all as root (in the absence of anything that sets the
> root password, of course). Any changes must preserve this behaviour.
I agree. The default behavior on most systems should be absolutely no way to
directly login as root. Instead logins should occur based on a non-privileged
user. (The other patches in that set look good to me.)
--Mark
> Cheers,
> Paul
>
More information about the Openembedded-core
mailing list