[elbe-devel] [PATCH] efilesystem: dont put root cleartext password into RFS

John Ogness john.ogness at linutronix.de
Thu May 2 22:10:32 CEST 2019


On 2019-05-02, Manuel Traut <manut at linutronix.de> wrote:
> On 15:04 Thu 02 May     , John Ogness wrote:
>> On 2019-05-02, Manuel Traut <manut at linutronix.de> wrote:
>> > Currently the root password of the RFS is stored in
>> > cleartext in /etc/elbe_base.xml. The file is only
>> > readable by root. However for security reasons it
>> > is better not to have the password inside the filesystem.
>> >
>> > This sets the passwd XML element to an empty string.
>> > The element is not removed because the schema defines
>> > it as mandatory.
>> 
>> Do we really want it to be a valid XML with an empty root password? If
>> people are going to use the elbe_base.xml to re-generate an image, I
>> would prefer that it throws an invalid schema error rather than create
>> an image with an empty root password.
>
> Good point, however the file is used by several other elbe subcommands:
>
>  - bootup-check
>  - pkgdiff
>  - updated
>
> But none of those subcommands currently validate the XML file.
> So we will not break existing stuff if we produce an invalid XML.
>
> Another option would be to alter the schema to make passwd optional.
> But how should we handle this case during building a RFS?

I like the idea of having it optional. If it is missing, it can set up
the root account to be disabled:

    root:!:...

Right now I have to use finetuning to accomplish that.

By the way, I suppose the same goes for passwd of adduser. That also
should not be in the elbe_base.xml.

John Ogness
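
The policy discussed in this thread, as an added Python example that is neither part of the message nor elbe code: secrets are stripped from the copy of the XML that ships in the RFS, and a missing or empty passwd locks root instead of leaving it open. The XML layout, the function names and the `hasher` parameter are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The element layout is an assumption for illustration,
# not copied from the elbe schema; the passwords are made up.
SAMPLE = """<RootFileSystem>
  <target>
    <hostname>demo</hostname>
    <passwd>constructed-root-pw</passwd>
    <finetuning>
      <adduser passwd="constructed-user-pw" shell="/bin/sh">alice</adduser>
    </finetuning>
  </target>
</RootFileSystem>"""


def find_secrets(xml_text):
    """List every non-empty <passwd> element and passwd attribute, by tag."""
    hits = []
    for el in ET.fromstring(xml_text).iter():
        if el.tag == "passwd" and (el.text or "").strip():
            hits.append("element:passwd")
        if el.attrib.get("passwd"):
            hits.append("attribute:%s/@passwd" % el.tag)
    return hits


def scrub_secrets(xml_text):
    """Copy of the XML with <passwd> elements and passwd attributes removed."""
    root = ET.fromstring(xml_text)
    for parent in list(root.iter()):      # snapshot: the tree is edited below
        for child in list(parent):
            if child.tag == "passwd":
                parent.remove(child)      # absent, not empty
        parent.attrib.pop("passwd", None)
    return ET.tostring(root, encoding="unicode")


def root_shadow_field(xml_text, hasher):
    """Password field for root's /etc/shadow line.

    A missing or empty passwd yields "!" (account locked), never an empty
    field, which would mean no password is required for root.
    """
    text = ET.fromstring(xml_text).findtext("./target/passwd")
    if text is None or not text.strip():
        return "!"
    return hasher(text)                   # hasher: hypothetical build-time callable


if __name__ == "__main__":
    clean = scrub_secrets(SAMPLE)
    print(find_secrets(SAMPLE), find_secrets(clean))
    print("root:%s:..." % root_shadow_field(clean, str))
```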


