[PATCH] su: support denying accounts with blank password
Michael Conrad
mconrad at intellitree.com
Wed Oct 14 09:43:32 UTC 2015
On 10/14/2015 2:37 AM, Natanael Copa wrote:
> The security is based on physical access. The local technician can log
> in without password. (in theory, if you have physical access then you
> have access to it all anyway). And after all, it is the "local technician"
> the device is supposed to protect anyway.
Why run 'login' at all? You can just run "agetty -l /bin/bash" from
init or runit and always have a shell ready.
Alternatively you can randomize the password and print it on the console
with the welcome message.
Just some other ideas.
-Mike
More information about the busybox
mailing list