[PATCH] su: support denying accounts with blank password

Natanael Copa ncopa at alpinelinux.org
Wed Oct 14 11:42:06 UTC 2015


On Wed, 14 Oct 2015 10:45:49 +0200
Denys Vlasenko <vda.linux at googlemail.com> wrote:

> Basically, you want root to have no password and yet,
> you want people to not be able to su to root.

Correct. The thinking is that empty password is better than a bad
password.

> I find this setup strange. You deliberately remove the thing
> which was _designed_ to prevent people to become root
> (the password), and then you add hacks ("su won't accept
> empty password") to plug the hole you just created.
> 
> Do you plan to also teach all other utilities to ignore
> empty password? ssh, login, ftpd...

yes. ftpd does not run as suid root, right? then it is no problem.

sshd has config options for disallow root at all, disallow password
logins (and use ssh keys only) or disallow blank passwords.

> For example, login (at least busybox's one) *works from
> non-root shell*. You can run it from shell, yes.
> It will ask for username, and if user has no password,
> it will log you in!

There is a config option to make busybox login consult securetty.

The only thing left to teach to ignore empty password is busybox su.
Thus this patch.
 
> I continue to think that if you don't want people
> to log in as root, you should simply set root password.

This feature would be for people who want people to log in as root
locally, while still have privilege separation for network services.

-nc


More information about the busybox mailing list