[OE-core] [PATCH 2/2] base-passwd: set root's default password to 'root'

Robert Yang liezhi.yang at windriver.com
Thu Nov 24 02:01:59 UTC 2016



On 11/23/2016 07:16 PM, Patrick Ohly wrote:
> On Tue, 2016-11-22 at 23:49 -0800, Robert Yang wrote:
>> [YOCTO #10710]
>>
>> Otherwise, we can't log in as root when debug-tweaks is not in
>> IMAGE_FEATURES, and there are no other users to log in by default, so
>> there is no way to log in.
>
> Wait a second, are you really suggesting that OE-core should have a
> default root password in its default configuration?
>
> That's very bad practice and I'm against doing it this way. Having a
> default password is one of the common vulnerabilities in actual devices
> on the market today. OE-core should make it hard to make that mistake,
> not actively introduce it.
>
> So if you think that having a root password set (instead of empty), then
> at least make it an opt-in behavior that explicitly has to be selected.
> Make it an image feature so that images with and without default
> password can be built in the same build configuration. Changing
> base-passwd doesn't achieve that.
>
> Even then I'm still wondering what the benefit of a well-known password
> compared to no password is. Both are equally insecure, so someone who
> wants to allow logins might as well go with "empty password".

The problem is that when debug-tweaks or empty-root-password is not in
IMAGE_FEATURES, there is no way to log in by default, which will surprise
the user. How about:

1) Let the user set the root password via a variable when building.

And/or

2) Warn the user at build time when there is no way to log in to the image.

// Robert
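
The build-time warning suggested in option 2, sketched as an added example (not OE-core code and not part of this thread): it reads the text of a rootfs's `/etc/passwd` and `/etc/shadow` and reports when every account is locked or when an account has an empty password. The function names, the no-login shell list and the sample files are assumptions constructed for illustration.

```python
# Added example, not OE-core code. Sample files below are constructed.
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}  # assumed list

SAMPLE_PASSWD = (
    "root:x:0:0:root:/home/root:/bin/sh\n"
    "daemon:x:1:1:daemon:/usr/sbin:/bin/false\n"
)
SAMPLE_SHADOW_LOCKED = "root:*:17128:0:99999:7:::\ndaemon:*:17128:0:99999:7:::\n"
SAMPLE_SHADOW_EMPTY = "root::17128:0:99999:7:::\ndaemon:*:17128:0:99999:7:::\n"

def classify(pw_field):
    """Classify a shadow(5) password field as 'empty', 'locked' or 'hashed'."""
    if pw_field == "":
        return "empty"      # login without any password
    if pw_field[0] in "!*":
        return "locked"     # no password will ever match
    return "hashed"

def audit(passwd_text, shadow_text):
    """Return {account: state} for accounts whose shell permits a login."""
    shadow = {}
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2:
            shadow[fields[0]] = fields[1]
    states = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or fields[6] in NOLOGIN_SHELLS:
            continue
        name, pw = fields[0], fields[1]
        # "x" means the real field is in shadow; a missing entry counts as locked
        states[name] = classify(shadow.get(name, "*") if pw == "x" else pw)
    return states

def build_warnings(states):
    """Messages a build could print for the image's login configuration."""
    msgs = []
    if not any(s != "locked" for s in states.values()):
        msgs.append("no login possible: every account is locked")
    msgs += [f"{n} has an empty password" for n, s in sorted(states.items()) if s == "empty"]
    return msgs

if __name__ == "__main__":
    for shadow in (SAMPLE_SHADOW_LOCKED, SAMPLE_SHADOW_EMPTY):
        print(build_warnings(audit(SAMPLE_PASSWD, shadow)))
```

A `hashed` result only means a hash is present; the check cannot tell a unique password from a well-known default, which is the case objected to in the quoted reply.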
