* [Buildroot] [PATCH] target: add option to set the root password
@ 2012-11-09 23:28 Yann E. MORIN
2012-11-10 0:30 ` Arnout Vandecappelle
0 siblings, 1 reply; 3+ messages in thread
From: Yann E. MORIN @ 2012-11-09 23:28 UTC (permalink / raw)
To: buildroot
Add an option in the menuconfig to specify a root password.
If set to empty, no root password is created; otherwise, the password is
encrypted using MD5 (MD5 is not the default for crypt(3), DES-56 is, but
MD5 is widely available, not-so-strong, but not-so-weak either).
Add a check for 'mkpasswd' as a new dependency.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
---
Switched to using MD5 as per Arnout's suggestion:
http://lists.busybox.net/pipermail/buildroot/2012-September/058712.html
---
support/dependencies/dependencies.sh | 7 +++++++
system/Config.in | 21 +++++++++++++++++++++
system/system.mk | 14 ++++++++++++++
3 files changed, 42 insertions(+), 0 deletions(-)
diff --git a/support/dependencies/dependencies.sh b/support/dependencies/dependencies.sh
index 9f0f6a9..edf49e9 100755
--- a/support/dependencies/dependencies.sh
+++ b/support/dependencies/dependencies.sh
@@ -158,3 +158,10 @@ if grep ^BR2_TOOLCHAIN_BUILDROOT=y $CONFIG_FILE > /dev/null && \
exit 1 ;
fi
fi
+
+if grep -E '^TARGET_GENERIC_ROOT_PASSWD=".+"$' $CONFIG_FILE > /dev/null 2>&1; then
+ if ! which mkpasswd > /dev/null 2>&1; then
+ /bin/echo -e "\nYou need the 'mkpasswd' utility to set the root password\n"
+ exit 1
+ fi
+fi
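Review bot: the grep pattern on the first added line is anchored on `^TARGET_GENERIC_ROOT_PASSWD=`, but the symbol this patch adds in system/Config.in is BR2_TARGET_GENERIC_ROOT_PASSWD, and the existing check in the context above greps for `^BR2_TOOLCHAIN_BUILDROOT=y`. With the `^` anchor and no BR2_ prefix, the pattern cannot match the line written to the config file, so the mkpasswd check never runs and a missing mkpasswd only shows up later, in the target-root-passwd recipe. Suggest `^BR2_TARGET_GENERIC_ROOT_PASSWD=".+"$`, and quoting "$CONFIG_FILE" while at it.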
diff --git a/system/Config.in b/system/Config.in
index 10c9d9d..9a9c197 100644
--- a/system/Config.in
+++ b/system/Config.in
@@ -12,6 +12,27 @@ config BR2_TARGET_GENERIC_ISSUE
help
Select system banner (/etc/issue) to be displayed at login.
+config BR2_TARGET_GENERIC_ROOT_PASSWD
+ string "root password"
+ default ""
+ help
+ Set the initial root password. It will be md5-encrypted.
+
+ If set to empty (the default), then no root password will be set,
+ and root will need no password to log in.
+
+ WARNING! WARNING!
+ Although pretty strong, MD5 is now an old hash function, and
+ suffers from som weaknesses, wihch makes it susceptible to attacks.
+ It is showing its age, so this root password should not be trusted
+ to properly secure any product that can be shipped to the wide,
+ hostile world.
+
+ WARNING! WARNING!
+ The password appears in clear in the .config file, and may appear
+ in the build log! Avoid using a valuable password if either the
+ .config file or the build log may be distributed!
+
choice
prompt "/dev management"
default BR2_ROOTFS_DEVICE_CREATION_STATIC
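Review bot: the option takes the cleartext root password and, as the second WARNING in the help admits, leaves it in .config and possibly in the build log; the default "" additionally produces a root account that logs in with no password. Consider accepting the crypt(3) string as the value so that no cleartext is stored, or at least saying in the prompt itself that an empty value means passwordless root. In the first WARNING, "som" and "wihch" are typos, and "md5-encrypted" would read more accurately as "md5-hashed".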
diff --git a/system/system.mk b/system/system.mk
index 4185202..5219f3f 100644
--- a/system/system.mk
+++ b/system/system.mk
@@ -1,5 +1,6 @@
TARGET_GENERIC_HOSTNAME:=$(call qstrip,$(BR2_TARGET_GENERIC_HOSTNAME))
TARGET_GENERIC_ISSUE:=$(call qstrip,$(BR2_TARGET_GENERIC_ISSUE))
+TARGET_GENERIC_ROOT_PASSWD:=$(call qstrip,$(BR2_TARGET_GENERIC_ROOT_PASSWD))
TARGET_GENERIC_GETTY:=$(call qstrip,$(BR2_TARGET_GENERIC_GETTY_PORT))
TARGET_GENERIC_GETTY_BAUDRATE:=$(call qstrip,$(BR2_TARGET_GENERIC_GETTY_BAUDRATE))
@@ -13,6 +14,13 @@ target-generic-issue:
mkdir -p $(TARGET_DIR)/etc
echo "$(TARGET_GENERIC_ISSUE)" > $(TARGET_DIR)/etc/issue
+target-no-root-passwd:
+ $(SED) "s/^root:[^:]*:/root::/" $(TARGET_DIR)/etc/shadow
+
+target-root-passwd:
+ root_passwd="$$( mkpasswd -m md5 "$(TARGET_GENERIC_ROOT_PASSWD)" )"; \
+ $(SED) "s,^root::,root:$${root_passwd}:," $(TARGET_DIR)/etc/shadow
+
target-generic-getty-busybox:
$(SED) '/# GENERIC_SERIAL$$/s~^.*#~$(TARGET_GENERIC_GETTY)::respawn:/sbin/getty -L $(TARGET_GENERIC_GETTY) $(TARGET_GENERIC_GETTY_BAUDRATE) vt100 #~' \
$(TARGET_DIR)/etc/inittab
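Review bot: in target-root-passwd the sed expression `s,^root::,root:$${root_passwd}:,` only matches while root's password field is empty, whereas target-no-root-passwd uses `^root:[^:]*:`. Once a hash has been written, or if the skeleton's shadow already carries one, a changed password is silently not applied; use `^root:[^:]*:` in both rules. The mkpasswd line also ends in `; \`, so a failing mkpasswd leaves root_passwd empty and sed still runs, keeping root passwordless without any error; chain the two commands with `&&`. Finally, the password is expanded by make inside shell double quotes on the mkpasswd command line, so it is echoed with the recipe, and a password containing `"`, `$`, a backquote or a backslash is mangled by the shell; silencing the recipe and feeding mkpasswd on stdin would avoid both.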
@@ -39,6 +47,12 @@ ifneq ($(TARGET_GENERIC_ISSUE),)
TARGETS += target-generic-issue
endif
+ifneq ($(TARGET_GENERIC_ROOT_PASSWD),)
+TARGETS += target-root-passwd
+else
+TARGETS += target-no-root-passwd
+endif
+
ifeq ($(BR2_ROOTFS_SKELETON_DEFAULT),y)
ifeq ($(BR2_PACKAGE_SYSVINIT),y)
TARGETS += target-generic-getty-sysvinit
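Review bot: the `else` branch adds target-no-root-passwd for every configuration that leaves the option empty, and that rule rewrites `^root:[^:]*:` to `root::` in $(TARGET_DIR)/etc/shadow. Because the new block sits outside the `ifeq ($(BR2_ROOTFS_SKELETON_DEFAULT),y)` test that follows it, a custom skeleton that ships its own root hash has it blanked by default. Suggest dropping the `else`, or moving the whole block under the default-skeleton condition, so that an empty option means "leave shadow alone".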
--
1.7.2.5
* [Buildroot] [PATCH] target: add option to set the root password
2012-11-09 23:28 [Buildroot] [PATCH] target: add option to set the root password Yann E. MORIN
@ 2012-11-10 0:30 ` Arnout Vandecappelle
2012-11-10 11:48 ` Yann E. MORIN
0 siblings, 1 reply; 3+ messages in thread
From: Arnout Vandecappelle @ 2012-11-10 0:30 UTC (permalink / raw)
To: buildroot
On 11/10/12 00:28, Yann E. MORIN wrote:
> Add an option in the menuconfig to specify a root password.
>
> If set to empty, no root password is created; otherwise, the password is
> encrypted using MD5 (MD5 is not the default for crypt(3), DES-56 is, but
> MD5 is widely available, not-so-strong, but not-so-weak either).
>
> Add a check for 'mkpasswd' as a new dependency.
Is it necessary to put the plaintext password in the .config? Why not put the
output of mkpasswd in the config, and explain in the help text how to produce
it? Perhaps even with vVj0miIkzZnhg as an example of password root. So the
help text could be:
Set the root password. This is the crypt'ed password as it should
appear in /etc/shadow. To create a password, use the mkpasswd
utility: "mkpasswd -m md5" to create an md5-crypted password.
Note that sha256 or sha512-crypted passwords are preferred, because
md5 is somewhat compromised. However, the default busybox
configuration does not have support for sha256 and sha512 passwords.
Obviously, this will make the patch much simpler, as there won't be a need
anymore to distinguish between no-root-passwd and root-passwd.
Regards,
Arnout
--
Arnout Vandecappelle arnout at mind be
Senior Embedded Software Architect +32-16-286540
Essensium/Mind http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint: 7CB5 E4CC 6C2E EFD4 6E3D A754 F963 ECAB 2450 2F1F
* [Buildroot] [PATCH] target: add option to set the root password
2012-11-10 0:30 ` Arnout Vandecappelle
@ 2012-11-10 11:48 ` Yann E. MORIN
0 siblings, 0 replies; 3+ messages in thread
From: Yann E. MORIN @ 2012-11-10 11:48 UTC (permalink / raw)
To: buildroot
Arnout, All,
On Saturday 10 November 2012 Arnout Vandecappelle wrote:
> On 11/10/12 00:28, Yann E. MORIN wrote:
> > Add an option in the menuconfig to specify a root password.
> >
> > If set to empty, no root password is created; otherwise, the password is
> > encrypted using MD5 (MD5 is not the default for crypt(3), DES-56 is, but
> > MD5 is widely available, not-so-strong, but not-so-weak either).
> >
> > Add a check for 'mkpasswd' as a new dependency.
>
> Is it necessary to put the plaintext password in the .config?
At least, that's what /I/ would expect.
> Why not put the output of mkpasswd in the config, and explain in the help
> text how to produce it?
I'm afraid relying on the user to enter the properly-formatted encrypted
password is doomed:
- it means the user has to read the help text (and we know users do
not read help texts ;-) ), switch to another terminal, enter the command,
copy the output, switch back to the terminal with the menu, paste the
output;
- user may decide to use another encryption scheme (eg. SHA256), when we
can only guarantee that MD5 and DES-56 are available;
- user input is unreliable, by definition. Even copy-paste is prone to
errors (eg. missing few first or last chars). In case the user /forgets/
his/her root password, he/she can recover the password by looking at the
.config file afterward.
> Obviously, this will make the patch much simpler, as there won't be a need
> anymore to distinguish between no-root-passwd and root-passwd.
Well, the patch is not very complex in the state, either.
Regards,
Yann E. MORIN.
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 223 225 172 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
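The thread weighs a pre-hashed config value against the risk of a truncated copy-paste. As an added example (not code from the thread or from Buildroot), the shell function below checks that a string is a well-formed crypt(3) hash before it would be written to /etc/shadow. The name `crypt_hash_scheme` is hypothetical, salts are assumed to use the `./0-9A-Za-z` alphabet that mkpasswd generates, and the `$1$` sample is constructed; the 13-character sample is the one quoted in the thread.

```shell
#!/bin/sh
# Added example: classify a string as a crypt(3) hash by its shape.
# Prints des, md5, sha256 or sha512 and returns 0; returns 1 otherwise.

# True if the single-line string $1 matches the extended regex $2.
is_match() {
    printf '%s\n' "$1" | grep -Eq -- "$2"
}

crypt_hash_scheme() {
    # A value containing a newline can never be one shadow field.
    case $1 in
        *"
"*) return 1 ;;
    esac
    if   is_match "$1" '^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$'; then
        echo md5
    elif is_match "$1" '^\$5\$(rounds=[0-9]+\$)?[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]{43}$'; then
        echo sha256
    elif is_match "$1" '^\$6\$(rounds=[0-9]+\$)?[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]{86}$'; then
        echo sha512
    elif is_match "$1" '^[./0-9A-Za-z]{13}$'; then
        echo des    # traditional DES crypt: 2 salt chars + 11 hash chars
    else
        return 1
    fi
}

# Constructed samples: a full value, then the same value cut short by one
# character at either end, as a sloppy copy-paste would leave it.
for sample in \
    'vVj0miIkzZnhg' \
    'Vj0miIkzZnhg' \
    '$1$saltsalt$0123456789abcdefghijkl' \
    '$1$saltsalt$0123456789abcdefghijk'
do
    scheme=$(crypt_hash_scheme "$sample") || scheme='REJECTED (malformed)'
    printf '%-40s %s\n' "$sample" "$scheme"
done
```

A shape check catches truncation but not a cleartext password that happens to be 13 characters from the crypt alphabet, which is classified as des.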