[PATCH] su: support denying accounts with blank password

Natanael Copa ncopa at alpinelinux.org
Tue Jun 9 19:44:40 UTC 2015


On Tue, 9 Jun 2015 07:57:17 -0700
Isaac Dunham <ibid.ag at gmail.com> wrote:

> On Tue, Jun 09, 2015 at 01:06:05PM +0200, Natanael Copa wrote:
> > Add a compile time option to disallow switching to an account with blank
> > password.
> 
> And how does one set the root password, if you blank the root password?
> Wouldn't this result in a system that's permanently unadministrable
> unless you recover via init=/bin/sh, chroot, or such?

This does not change 'login', only 'su', so you can still log in via
physical terminal (or lxc-console in case it is a container).
 
> Or is blanking the root password completely wrong?

The idea behind the patch was actually for situations where the root
password intentionally is blank and you log in with an ssh key, or with
physical access.

It is an interesting dilemma. What is worse, blank root password or
weak/default root password (e.g. 'root' or similar)?

I'd say a bad password is worse than blank because the default sshd config
will happily let anyone in with a bad password, but will not accept a
blank password. But currently, a blank root password will effectively
make all accounts root accounts since 'su' will let anyone elevate to
root.

-nc

> Thanks,
> Isaac Dunham
> 
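Added example (not part of the original message and not BusyBox code): a shell audit that finds the accounts this thread is about, i.e. entries in a shadow(5)-format file whose password field is empty. The function names and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a shadow(5)-format file for blank password fields.

# classify_shadow FILE
# Prints "<account> <state>" per entry, where state is:
#   blank  - empty password field (no password required)
#   locked - field starts with "!" or "*" (password login disabled)
#   hashed - anything else (a password hash is set)
classify_shadow() {
    awk -F: '
        /^#/ || NF < 2 { next }                 # skip comments, malformed lines
        $2 == ""       { print $1, "blank";  next }
        $2 ~ /^[!*]/   { print $1, "locked"; next }
                       { print $1, "hashed" }
    ' "$1"
}

# blank_accounts FILE: account names with an empty password field, one per line.
blank_accounts() {
    classify_shadow "$1" | awk '$2 == "blank" { print $1 }'
}

# root_is_blank FILE: exit status 0 when the root entry has an empty field.
root_is_blank() {
    blank_accounts "$1" | grep -qx root
}

# Constructed sample data (not from a real system).
write_sample_shadow() {
    cat > "$1" <<'EOF'
root::16595:0:::::
daemon:*:16595:0:::::
alice:$6$constructedsalt$constructedhash:16595:0:99999:7:::
bob:!:16595:0:::::
guest::16595:0:::::
EOF
}

sample=$(mktemp)
write_sample_shadow "$sample"
classify_shadow "$sample"
if root_is_blank "$sample"; then
    echo "WARNING: root has a blank password field"
fi
rm -f "$sample"
```

On a live system, point `classify_shadow` at `/etc/shadow` as root instead of the sample file.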


