From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH 1/1] skeleton: add default login port to /etc/securetty
Date: Sun, 15 Jul 2012 01:08:48 +0200 [thread overview]
Message-ID: <20120715010848.0290501a@skate> (raw)
In-Reply-To: <5001E2B2.6070509@mind.be>
Le Sat, 14 Jul 2012 23:20:50 +0200,
Arnout Vandecappelle <arnout@mind.be> a ?crit :
> I wouldn't like that. I often use the default skeleton but override e.g.
> inittab in the post-build script. I can't be bothered with setting
> BR2_TARGET_GENERIC_GETTY_PORT to empty. So the result is
> that a /etc/securetty would be created which bears no relation with
> the actual login ports defined in inittab... And all this happens on the
> sly, without any consent from the user or warning in the config menus.
>
> Bottom line: automatically adding BR2_TARGET_GENERIC_GETTY_PORT
> to securetty is OK for me, but emptying it is not.
Hmm, ok. But if you're modifying the inittab through a post-build
script, we could also say that it's your responsibility to also
adjust /etc/securetty accordingly, no?
I don't have a strong opinion here, just trying to find the right
balance.
> BTW I can't think of many circumstances where securetty makes sense
> on an embedded system to begin with: why would you allow shell login
> on some port but not root login?
Is removing /etc/securetty sufficient? Both for Busybox getty, the
full-featured getty, and things like dropbear, openssh, telnet and al?
I think telnet needs pts/[0-n] to be in /etc/securetty otherwise it
doesn't allow root login.
Regards,
Thomas
--
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com
next prev parent reply other threads:[~2012-07-14 23:08 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-07-13 3:19 [Buildroot] [PATCH 1/1] skeleton: add default login port to /etc/securetty roylee17 at gmail.com
2012-07-14 16:56 ` Arnout Vandecappelle
2012-07-14 17:15 ` Thomas Petazzoni
2012-07-14 21:20 ` Arnout Vandecappelle
2012-07-14 23:08 ` Thomas Petazzoni [this message]
2012-07-15 0:28 ` Arnout Vandecappelle
2012-07-30 15:13 ` Tzu-Jung Lee
2013-05-26 20:14 ` Spenser Gilliland
2013-05-26 20:30 ` Thomas Petazzoni
2013-05-26 20:40 ` Spenser Gilliland
2013-05-26 20:43 ` Spenser Gilliland
2013-05-26 21:00 ` Peter Korsgaard
-- strict thread matches above, loose matches on Subject: below --
2013-05-21 9:56 Tzu-Jung Lee
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120715010848.0290501a@skate \
--to=thomas.petazzoni@free-electrons.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox