From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH 1/1] skeleton: add default login port to /etc/securetty
Date: Sun, 15 Jul 2012 01:08:48 +0200 [thread overview]
Message-ID: <20120715010848.0290501a@skate> (raw)
In-Reply-To: <5001E2B2.6070509@mind.be>
Le Sat, 14 Jul 2012 23:20:50 +0200,
Arnout Vandecappelle <arnout@mind.be> a ?crit :
> I wouldn't like that. I often use the default skeleton but override e.g.
> inittab in the post-build script. I can't be bothered with setting
> BR2_TARGET_GENERIC_GETTY_PORT to empty. So the result is
> that a /etc/securetty would be created which bears no relation with
> the actual login ports defined in inittab... And all this happens on the
> sly, without any consent from the user or warning in the config menus.
>
> Bottom line: automatically adding BR2_TARGET_GENERIC_GETTY_PORT
> to securetty is OK for me, but emptying it is not.
Hmm, ok. But if you're modifying the inittab through a post-build
script, we could also say that it's your responsibility to also
adjust /etc/securetty accordingly, no?
I don't have a strong opinion here, just trying to find the right
balance.
> BTW I can't think of many circumstances where securetty makes sense
> on an embedded system to begin with: why would you allow shell login
> on some port but not root login?
Is removing /etc/securetty sufficient? Both for Busybox getty, the
full-featured getty, and things like dropbear, openssh, telnet and al?
I think telnet needs pts/[0-n] to be in /etc/securetty otherwise it
doesn't allow root login.
Regards,
Thomas
--
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com
next prev parent reply other threads:[~2012-07-14 23:08 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-07-13 3:19 [Buildroot] [PATCH 1/1] skeleton: add default login port to /etc/securetty roylee17 at gmail.com
2012-07-14 16:56 ` Arnout Vandecappelle
2012-07-14 17:15 ` Thomas Petazzoni
2012-07-14 21:20 ` Arnout Vandecappelle
2012-07-14 23:08 ` Thomas Petazzoni [this message]
2012-07-15 0:28 ` Arnout Vandecappelle
2012-07-30 15:13 ` Tzu-Jung Lee
2013-05-26 20:14 ` Spenser Gilliland
2013-05-26 20:30 ` Thomas Petazzoni
2013-05-26 20:40 ` Spenser Gilliland
2013-05-26 20:43 ` Spenser Gilliland
2013-05-26 21:00 ` Peter Korsgaard
-- strict thread matches above, loose matches on Subject: below --
2013-05-21 9:56 Tzu-Jung Lee
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120715010848.0290501a@skate \
--to=thomas.petazzoni@free-electrons.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.