* [Buildroot] [Bug 5138] New: Add dropbear config option to allow blank passwords
@ 2012-04-25 13:38 bugzilla at busybox.net
2012-04-25 14:18 ` Jean-Christophe PLAGNIOL-VILLARD
2013-05-26 8:46 ` [Buildroot] [Bug 5138] " bugzilla at busybox.net
0 siblings, 2 replies; 5+ messages in thread
From: bugzilla at busybox.net @ 2012-04-25 13:38 UTC (permalink / raw)
To: buildroot
https://bugs.busybox.net/show_bug.cgi?id=5138
Summary: Add dropbear config option to allow blank passwords
Product: buildroot
Version: unspecified
Platform: All
OS/Version: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: Other
AssignedTo: unassigned at buildroot.uclibc.org
ReportedBy: grant.b.edwards at gmail.com
CC: buildroot at uclibc.org
Estimated Hours: 0.0
Created attachment 4292
--> https://bugs.busybox.net/attachment.cgi?id=4292
Patch to add dropbear config option to allow blank passwords
Add a configuration option to allow enabling dropbear's ALLOW_BLANK_PASSWORD
feature.
--
Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Buildroot] [Bug 5138] New: Add dropbear config option to allow blank passwords
2012-04-25 13:38 [Buildroot] [Bug 5138] New: Add dropbear config option to allow blank passwords bugzilla at busybox.net
@ 2012-04-25 14:18 ` Jean-Christophe PLAGNIOL-VILLARD
2012-04-25 19:39 ` Grant Edwards
2013-05-26 8:46 ` [Buildroot] [Bug 5138] " bugzilla at busybox.net
1 sibling, 1 reply; 5+ messages in thread
From: Jean-Christophe PLAGNIOL-VILLARD @ 2012-04-25 14:18 UTC (permalink / raw)
To: buildroot
On 13:38 Wed 25 Apr , bugzilla at busybox.net wrote:
> https://bugs.busybox.net/show_bug.cgi?id=5138
>
> Summary: Add dropbear config option to allow blank passwords
> Product: buildroot
> Version: unspecified
> Platform: All
> OS/Version: Linux
> Status: NEW
> Severity: enhancement
> Priority: P5
> Component: Other
> AssignedTo: unassigned at buildroot.uclibc.org
> ReportedBy: grant.b.edwards at gmail.com
> CC: buildroot at uclibc.org
> Estimated Hours: 0.0
>
>
> Created attachment 4292
> --> https://bugs.busybox.net/attachment.cgi?id=4292
> Patch to add dropbear config option to allow blank passwords
>
> Add a configuration option to allow enabling dropbear's ALLOW_BLANK_PASSWORD
> feature.
this is a security issue
I prefer to add an option to add a default ssh public key
I've a patch somewhere
Best Regards,
J.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Buildroot] [Bug 5138] New: Add dropbear config option to allow blank passwords
2012-04-25 14:18 ` Jean-Christophe PLAGNIOL-VILLARD
@ 2012-04-25 19:39 ` Grant Edwards
2012-04-27 14:35 ` Thomas Petazzoni
0 siblings, 1 reply; 5+ messages in thread
From: Grant Edwards @ 2012-04-25 19:39 UTC (permalink / raw)
To: buildroot
On 2012-04-25, Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com> wrote:
> On 13:38 Wed 25 Apr , bugzilla at busybox.net wrote:
>> https://bugs.busybox.net/show_bug.cgi?id=5138
>>
>> Summary: Add dropbear config option to allow blank passwords
>> Product: buildroot
>> Version: unspecified
>> Platform: All
>> OS/Version: Linux
>> Status: NEW
>> Severity: enhancement
>> Priority: P5
>> Component: Other
>> AssignedTo: unassigned at buildroot.uclibc.org
>> ReportedBy: grant.b.edwards at gmail.com
>> CC: buildroot at uclibc.org
>> Estimated Hours: 0.0
>>
>>
>> Created attachment 4292
>> --> https://bugs.busybox.net/attachment.cgi?id=4292
>> Patch to add dropbear config option to allow blank passwords
>>
>> Add a configuration option to allow enabling dropbear's ALLOW_BLANK_PASSWORD
>> feature.
>
> this is a security issue
Only if you set it (it defaults to "n") and the device in question is
on an accessible network.
> I prefer to add an option to add a default ssh public key
That doesn't do the same thing.
> I've a patch somewhere
I've no objection to having an option for a default key, but I don't
think it's buildroot's place to try to decide and enforce security
policies. Those decisions belong to the person specifying and
designing the embedded system.
[Not allowing blank passwords in dropbear seems especially silly when
blank passwords are allowed by telnetd, login and openssh.]
--
Grant Edwards grant.b.edwards Yow! BARBARA STANWYCK makes
at me nervous!!
gmail.com
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Buildroot] [Bug 5138] New: Add dropbear config option to allow blank passwords
2012-04-25 19:39 ` Grant Edwards
@ 2012-04-27 14:35 ` Thomas Petazzoni
0 siblings, 0 replies; 5+ messages in thread
From: Thomas Petazzoni @ 2012-04-27 14:35 UTC (permalink / raw)
To: buildroot
Le Wed, 25 Apr 2012 19:39:02 +0000 (UTC),
Grant Edwards <grant.b.edwards@gmail.com> a ?crit :
> > this is a security issue
>
> Only if you set it (it defaults to "n") and the device in question is
> on an accessible network.
>
> > I prefer to add an option to add a default ssh public key
>
> That doesn't do the same thing.
>
> > I've a patch somewhere
>
> I've no objection to having an option for a default key, but I don't
> think it's buildroot's place to try to decide and enforce security
> policies. Those decisions belong to the person specifying and
> designing the embedded system.
>
> [Not allowing blank passwords in dropbear seems especially silly when
> blank passwords are allowed by telnetd, login and openssh.]
Agreed. I think both the "Allow blank passwords" option and the "Add
default ssh public key" options make sense, and they both should be
added.
Thomas
--
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Buildroot] [Bug 5138] Add dropbear config option to allow blank passwords
2012-04-25 13:38 [Buildroot] [Bug 5138] New: Add dropbear config option to allow blank passwords bugzilla at busybox.net
2012-04-25 14:18 ` Jean-Christophe PLAGNIOL-VILLARD
@ 2013-05-26 8:46 ` bugzilla at busybox.net
1 sibling, 0 replies; 5+ messages in thread
From: bugzilla at busybox.net @ 2013-05-26 8:46 UTC (permalink / raw)
To: buildroot
https://bugs.busybox.net/show_bug.cgi?id=5138
Thomas Petazzoni <thomas.petazzoni@free-electrons.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
--- Comment #1 from Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2013-05-26 08:45:22 UTC ---
Since https://secure.ucc.asn.au/hg/dropbear/rev/c58a15983808, the compile-time
option to allow blank password no longer exists. It has been replaced by the
runtime option -B.
--
Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2013-05-26 8:46 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-04-25 13:38 [Buildroot] [Bug 5138] New: Add dropbear config option to allow blank passwords bugzilla at busybox.net
2012-04-25 14:18 ` Jean-Christophe PLAGNIOL-VILLARD
2012-04-25 19:39 ` Grant Edwards
2012-04-27 14:35 ` Thomas Petazzoni
2013-05-26 8:46 ` [Buildroot] [Bug 5138] " bugzilla at busybox.net
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.