[git commit] sulogin: allow system maintenance login if root password is empty

Denys Vlasenko vda.linux at googlemail.com
Tue May 21 15:01:55 UTC 2013


commit: http://git.busybox.net/busybox/commit/?id=b6dc13c2d3754704b1bf5af4e6b957b48585102f
branch: http://git.busybox.net/busybox/commit/?id=refs/heads/master

The current password checking is unable to distinguish between the user
entering an empty password or pressing Control-D. As a result, an empty
password always results in normal startup.

We modify bb_ask to return NULL if Control-D is pressed without entering
a password. The sulogin applet is then modified to only proceed to
normal startup if bb_ask returns NULL. This covers EOF with no password,
interrupt by timeout and ^C.

Signed-off-by: Jonathan Liu <net147 at gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
---
 libbb/bb_askpass.c   |    4 +++-
 loginutils/sulogin.c |    4 ++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/libbb/bb_askpass.c b/libbb/bb_askpass.c
index fe2b506..77c1bcd 100644
--- a/libbb/bb_askpass.c
+++ b/libbb/bb_askpass.c
@@ -65,7 +65,9 @@ char* FAST_FUNC bb_ask(const int fd, int timeout, const char *prompt)
 	i = 0;
 	while (1) {
 		int r = read(fd, &ret[i], 1);
-		if (r < 0) {
+		if ((i == 0 && r == 0) /* EOF (^D) with no password */
+		 || r < 0
+		) {
 			/* read is interrupted by timeout or ^C */
 			ret = NULL;
 			break;
diff --git a/loginutils/sulogin.c b/loginutils/sulogin.c
index f79802a..65e6384 100644
--- a/loginutils/sulogin.c
+++ b/loginutils/sulogin.c
@@ -83,8 +83,8 @@ int sulogin_main(int argc UNUSED_PARAM, char **argv)
 		cp = bb_ask(STDIN_FILENO, timeout,
 				"Give root password for system maintenance\n"
 				"(or type Control-D for normal startup):");
-
-		if (!cp || !*cp) {
+		if (!cp) {
+			/* ^D, ^C, timeout, or read error */
 			bb_info_msg("Normal startup");
 			return 0;
 		}


More information about the busybox-cvs mailing list