[elbe-devel] [PATCH] efilesystem: dont put root cleartext password into RFS
Manuel Traut
manut at linutronix.de
Thu May 2 22:27:10 CEST 2019
On 22:10 Thu 02 May , John Ogness wrote:
> On 2019-05-02, Manuel Traut <manut at linutronix.de> wrote:
> > On 15:04 Thu 02 May , John Ogness wrote:
> >> On 2019-05-02, Manuel Traut <manut at linutronix.de> wrote:
> >> > Currently the root password of the RFS is stored in
> >> > cleartext in /etc/elbe_base.xml. The file is only
> >> > readable by root. However for security reasons it
> >> > is better not to have the password inside the filesystem.
> >> >
> >> > This sets the passwd XML element to an empty string.
> >> > The element is not removed because the schema defines
> >> > it as mandatory.
> >>
> >> Do we really want it to be a valid XML with an empty root password? If
> >> people are going to use the elbe_base.xml to re-generate an image, I
> >> would prefer that it throws an invalid schema error rather than create
> >> an image with an empty root password.
> >
> > Good point, however the file is used by several other elbe subcommands:
> >
> > - bootup-check
> > - pkgdiff
> > - updated
> >
> > But none of those subcommands currently validate the XML file.
> > So we will not break existing stuff if we produce an invalid XML.
> >
> > Another option would be to alter the schema to make passwd optional.
> > But how should we handle this case during building a RFS?
>
> I like the idea of having it optional. If it is missing, it can set up
> the root account to be disabled:
>
> root:!:...
>
> Right now I have to use finetuning to accomplish that.
>
> By the way, I suppose the same goes for passwd of adduser. That also
> should not be in the elbe_base.xml.

If Torben is also fine with those 2 recommendations, I will implement it
that way and send a v2.

Thanks for the input,
Manu
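
The behaviour proposed in this thread, as an added example that is not part of the original message and not elbe's own code: passwords are removed from the stored XML rather than blanked, a missing passwd locks root, and an empty one is refused. The XML layout (a `passwd` element under `target`, a `passwd` attribute on `adduser`), the function names and the sample document are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample; the element layout is an assumption, not elbe's schema.
SAMPLE = """<RootFileSystem>
  <target>
    <hostname>demo</hostname>
    <passwd>s3cret</passwd>
    <finetuning>
      <adduser passwd="hunter2" shell="/bin/bash">alice</adduser>
    </finetuning>
  </target>
</RootFileSystem>"""


def scrub_passwords(xml_text):
    """Return a copy of the XML with no cleartext passwords left in it."""
    root = ET.fromstring(xml_text)
    # Snapshot the traversal first: the tree is modified while walking it.
    for parent in list(root.iter()):
        # Drop <passwd> elements instead of emptying them, so a rebuild
        # from this file cannot silently end up with an empty password.
        for child in list(parent):
            if child.tag == "passwd":
                parent.remove(child)
        # The passwd attribute of adduser entries is a secret as well.
        if parent.tag == "adduser":
            parent.attrib.pop("passwd", None)
    return ET.tostring(root, encoding="unicode")


def root_account_action(xml_text):
    """Decide how a build should treat root, given an optional <passwd>.

    "lock" -> write '!' into root's shadow password field (root:!:...)
    "set"  -> hash and set the supplied password
    An element that is present but empty is rejected.
    """
    node = ET.fromstring(xml_text).find("./target/passwd")
    if node is None:
        return "lock"
    if not (node.text or "").strip():
        raise ValueError("empty root password is refused")
    return "set"
```
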