[LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords
danrl
mail at danrl.com
Fri Feb 17 02:42:15 PST 2017
This patches the busybox passwd source so that even root is not allowed to set
a weak (too short) password. This enables us to define a minimum password length
that is consistent over graphical interfaces (e.g. LuCI) and CLI.
Signed-off-by: Dan Luedtke <mail at danrl.com>
---
.../utils/busybox/patches/900-prevent-weak-root-password.patch | 10 ++++++++++
1 file changed, 10 insertions(+)
create mode 100644 package/utils/busybox/patches/900-prevent-weak-root-password.patch
diff --git a/package/utils/busybox/patches/900-prevent-weak-root-password.patch b/package/utils/busybox/patches/900-prevent-weak-root-password.patch
new file mode 100644
index 0000000000..932848bfbb
--- /dev/null
+++ b/package/utils/busybox/patches/900-prevent-weak-root-password.patch
@@ -0,0 +1,10 @@
+--- a/loginutils/passwd.c
++++ b/loginutils/passwd.c
+@@ -72,7 +72,6 @@ static char* new_password(const struct p
+ newp = xstrdup(newp); /* we are going to bb_ask_stdin() again, so save it */
+ if (ENABLE_FEATURE_PASSWD_WEAK_CHECK
+ && obscure(orig, newp, pw)
+- && myuid != 0
+ ) {
+ goto err_ret; /* non-root is not allowed to have weak passwd */
+ }
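Review bot: The comment on the `goto err_ret;` line still reads "non-root is not allowed to have weak passwd", which is stale once the `&& myuid != 0` condition is removed. Update it to say that a weak password is rejected for every caller, root included. With the exemption gone, rejection depends only on ENABLE_FEATURE_PASSWD_WEAK_CHECK and the result of obscure(orig, newp, pw), so root can no longer override the check in any situation this code path handles. The commit message should say so explicitly. Consider also gating the stricter behaviour behind its own config symbol rather than changing it for every build that enables the weak check.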
--
2.11.0