[elbe-devel] [PATCH] efilesystem: dont put root cleartext password into RFS

Manuel Traut manut at linutronix.de
Thu May 2 20:04:39 CEST 2019


Hi John,

thanks for your feedback!

On 15:04 Thu 02 May, John Ogness wrote:
> On 2019-05-02, Manuel Traut <manut at linutronix.de> wrote:
> > Currently the root password of the RFS is stored in
> > cleartext in /etc/elbe_base.xml. The file is only
> > readable by root. However for security reasons it
> > is better not to have the password inside the filesystem.
> >
> > This sets the passwd XML element to an empty string.
> > The element is not removed because the schema defines
> > it as mandatory.
> 
> Do we really want it to be a valid XML with an empty root password? If
> people are going to use the elbe_base.xml to re-generate an image, I
> would prefer that it throws an invalid schema error rather than create
> an image with an empty root password.

Good point, however the file is used by several other elbe subcommands:

 - bootup-check
 - pkgdiff
 - updated

But none of those subcommands currently validate the XML file.
So we will not break existing stuff if we produce an invalid XML.

Another option would be to alter the schema to make passwd optional.
But how should we handle this case during building a RFS?

So I'm basically fine with removing the complete passwd element.

Torben, what do you think?

  Manu

> > Signed-off-by: Manuel Traut <manut at linutronix.de>
> > ---
> >  elbepack/efilesystem.py | 1 +
> >  1 file changed, 1 insertion(+)
> >
> > diff --git a/elbepack/efilesystem.py b/elbepack/efilesystem.py
> > index 1f6428e0..b68c30da 100644
> > --- a/elbepack/efilesystem.py
> > +++ b/elbepack/efilesystem.py
> > @@ -133,6 +133,7 @@ class ElbeFilesystem(Filesystem):
> >          version_file.close()
> >  
> >          elbe_base = self.open("etc/elbe_base.xml", "wb")
> > +        xml.tgt.ensure_child('passwd').set_text('')
> >          xml.xml.write(elbe_base)
> >          self.chmod("etc/elbe_base.xml", stat.S_IREAD)
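Review bot: the added `xml.tgt.ensure_child('passwd').set_text('')` line mutates the shared in-memory XML tree in place, not a copy written out for etc/elbe_base.xml, so any code that reads the target passwd element from `xml` after this point in the build will see an empty password rather than the configured one. If nothing downstream still needs the value, a short comment saying the password is deliberately blanked here and why would help; otherwise blank it on a copy of the tree (or serialize, then restore the original text) before `xml.xml.write(elbe_base)`. Note also that `ensure_child` creates the element when it is absent, so an image built without a passwd element still ends up with an empty one in the written file, which matters for the schema discussion above about whether an empty passwd should validate at all.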
