[Buildroot] [Bug 5138] New: Add dropbear config option to allow blank passwords

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Grant Edwards <grant.b.edwards@gmail.com>
To: buildroot@busybox.net
Subject: [Buildroot] [Bug 5138] New: Add dropbear config option to allow blank passwords
Date: Wed, 25 Apr 2012 19:39:02 +0000 (UTC)	[thread overview]
Message-ID: <jn9jsk$fob$1@dough.gmane.org> (raw)
In-Reply-To: 20120425141823.GB20601@game.jcrosoft.org

On 2012-04-25, Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com> wrote:
> On 13:38 Wed 25 Apr     , bugzilla at busybox.net wrote:
>> https://bugs.busybox.net/show_bug.cgi?id=5138
>> 
>>            Summary: Add dropbear config option to allow blank passwords
>>            Product: buildroot
>>            Version: unspecified
>>           Platform: All
>>         OS/Version: Linux
>>             Status: NEW
>>           Severity: enhancement
>>           Priority: P5
>>          Component: Other
>>         AssignedTo: unassigned at buildroot.uclibc.org
>>         ReportedBy: grant.b.edwards at gmail.com
>>                 CC: buildroot at uclibc.org
>>    Estimated Hours: 0.0
>> 
>> 
>> Created attachment 4292
>>   --> https://bugs.busybox.net/attachment.cgi?id=4292
>> Patch to add dropbear config option to allow blank passwords
>> 
>> Add a configuration option to allow enabling dropbear's ALLOW_BLANK_PASSWORD
>> feature.
>
> this is a security issue

Only if you set it (it defaults to "n") and the device in question is
on an accessible network.

> I prefer to add an option to add a default ssh public key

That doesn't do the same thing.

> I've a patch somewhere

I've no objection to having an option for a default key, but I don't
think it's buildroot's place to try to decide and enforce security
policies.  Those decisions belong to the person specifying and
designing the embedded system.

[Not allowing blank passwords in dropbear seems especially silly when
blank passwords are allowed by telnetd, login and openssh.]

-- 
Grant Edwards               grant.b.edwards        Yow! BARBARA STANWYCK makes
                                  at               me nervous!!
                              gmail.com

next prev parent reply	other threads:[~2012-04-25 19:39 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-04-25 13:38 [Buildroot] [Bug 5138] New: Add dropbear config option to allow blank passwords bugzilla at busybox.net
2012-04-25 14:18 ` Jean-Christophe PLAGNIOL-VILLARD
2012-04-25 19:39   ` Grant Edwards [this message]
2012-04-27 14:35     ` Thomas Petazzoni
2013-05-26  8:46 ` [Buildroot] [Bug 5138] " bugzilla at busybox.net

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='jn9jsk$fob$1@dough.gmane.org' \
    --to=grant.b.edwards@gmail.com \
    --cc=buildroot@busybox.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.