On 11/23/2016 07:16 PM, Patrick Ohly wrote:
On Tue, 2016-11-22 at 23:49 -0800, Robert Yang wrote:
[YOCTO #10710]
Otherwise, we can't login as root when debug-tweaks is not in
IMAGE_FEATURES, and there is no other users to login by default, so
there is no way to login.
Wait a second, are you really suggesting that OE-core should have a
default root password in its default configuration?
That's very bad practice and I'm against doing it this way. Having a
default password is one of the common vulnerabilities in actual devices
on the market today. OE-core should make it hard to make that mistake,
not actively introduce it.
So if you think that having a root password set (instead of empty), then
at least make it an opt-in behavior that explicitly has to be selected.
Make it an image feature so that images with and without default
password can be build in the same build configuration. Changing
base-passwd doesn't achieve that.
Even then I'm still wondering what the benefit of a well-known password
compared to no password is. Both are equally insecure, so someone who
wants to allow logins might as well go with "empty password".
The problem is that when debug-tweaks or empty-root-password is not in
IMAGE_FEATURE, there is no way to login by default, which will surprise
the user. How about:
1) Let user can set root passwd via a variable when building.
Or/And
2) Warn the user at build time when the image is unable to login.
// Robert
--
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
