[elbe-devel] [PATCH] efilesystem: dont put root cleartext password into RFS
Manuel Traut
manut at linutronix.de
Thu May 2 11:51:15 CEST 2019
Currently the root password of the RFS is stored in
cleartext in /etc/elbe_base.xml. The file is only
readable by root. However for security reasons it
is better not to have the password inside the filesystem.
This sets the passwd XML element to an empty string.
The element is not removed because the schema defines
it as mandatory.
Signed-off-by: Manuel Traut <manut at linutronix.de>
---
elbepack/efilesystem.py | 1 +
1 file changed, 1 insertion(+)
diff --git a/elbepack/efilesystem.py b/elbepack/efilesystem.py
index 1f6428e0..b68c30da 100644
--- a/elbepack/efilesystem.py
+++ b/elbepack/efilesystem.py
@@ -133,6 +133,7 @@ class ElbeFilesystem(Filesystem):
version_file.close()
elbe_base = self.open("etc/elbe_base.xml", "wb")
+ xml.tgt.ensure_child('passwd').set_text('')
xml.xml.write(elbe_base)
self.chmod("etc/elbe_base.xml", stat.S_IREAD)
--
2.20.1
More information about the elbe-devel
mailing list