[Buildroot] [Bug 5138] New: Add dropbear config option to allow blank passwords
Grant Edwards
grant.b.edwards at gmail.com
Wed Apr 25 19:39:02 UTC 2012
On 2012-04-25, Jean-Christophe PLAGNIOL-VILLARD <plagnioj at jcrosoft.com> wrote:
> On 13:38 Wed 25 Apr , bugzilla at busybox.net wrote:
>> https://bugs.busybox.net/show_bug.cgi?id=5138
>>
>> Summary: Add dropbear config option to allow blank passwords
>> Product: buildroot
>> Version: unspecified
>> Platform: All
>> OS/Version: Linux
>> Status: NEW
>> Severity: enhancement
>> Priority: P5
>> Component: Other
>> AssignedTo: unassigned at buildroot.uclibc.org
>> ReportedBy: grant.b.edwards at gmail.com
>> CC: buildroot at uclibc.org
>> Estimated Hours: 0.0
>>
>>
>> Created attachment 4292
>> --> https://bugs.busybox.net/attachment.cgi?id=4292
>> Patch to add dropbear config option to allow blank passwords
>>
>> Add a configuration option to allow enabling dropbear's ALLOW_BLANK_PASSWORD
>> feature.
>
> this is a security issue
Only if you set it (it defaults to "n") and the device in question is
on an accessible network.
> I prefer to add an option to add a default ssh public key
That doesn't do the same thing.
> I've a patch somewhere
I've no objection to having an option for a default key, but I don't
think it's buildroot's place to try to decide and enforce security
policies. Those decisions belong to the person specifying and
designing the embedded system.
[Not allowing blank passwords in dropbear seems especially silly when
blank passwords are allowed by telnetd, login and openssh.]
--
Grant Edwards grant.b.edwards Yow! BARBARA STANWYCK makes
at me nervous!!
gmail.com
More information about the buildroot
mailing list