[LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords

danrl mail at danrl.com
Fri Feb 17 02:42:15 PST 2017


This patches the busybox passwd source so that even root is not allowed to set
a weak (too short) password. This enables us to define a minimum password length
that is consistent over graphical interfaces (e.g. LuCI) and CLI.

Signed-off-by: Dan Luedtke <mail at danrl.com>
---
 .../utils/busybox/patches/900-prevent-weak-root-password.patch | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 package/utils/busybox/patches/900-prevent-weak-root-password.patch

diff --git a/package/utils/busybox/patches/900-prevent-weak-root-password.patch b/package/utils/busybox/patches/900-prevent-weak-root-password.patch
new file mode 100644
index 0000000000..932848bfbb
--- /dev/null
+++ b/package/utils/busybox/patches/900-prevent-weak-root-password.patch
@@ -0,0 +1,10 @@
+--- a/loginutils/passwd.c
++++ b/loginutils/passwd.c
+@@ -72,7 +72,6 @@ static char* new_password(const struct p
+ 	newp = xstrdup(newp); /* we are going to bb_ask_stdin() again, so save it */
+ 	if (ENABLE_FEATURE_PASSWD_WEAK_CHECK
+ 	 && obscure(orig, newp, pw)
+-	 && myuid != 0
+ 	) {
+ 		goto err_ret; /* non-root is not allowed to have weak passwd */
+ 	}
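Review bot: The unchanged context comment on the goto err_ret line, "non-root is not allowed to have weak passwd", becomes wrong once the `&& myuid != 0` condition is dropped, because every caller including root now takes that branch. The inner patch should update the comment in the same hunk, for example to "nobody, including root, is allowed to have weak passwd". Two further points are worth covering in the commit message. The rejection is still gated on ENABLE_FEATURE_PASSWD_WEAK_CHECK, so the consistency with LuCI only holds on builds where that option is enabled. The condition also rejects whatever obscure(orig, newp, pw) reports as weak, while the message speaks only of a minimum length, so it should describe the criterion as the obscure() check rather than as length alone. Since root no longer has any way past err_ret, consider stating whether that is intended for recovery and provisioning scenarios, or putting the behaviour behind a config option.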
-- 
2.11.0



