emo/busybox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

su: FEATURE_SU_BLANK_PW_NEEDS_SECURE_TTY

Browse Source 
When this feature is enabled, blank passwords are not accepted by su
unless the user is on a secure TTY defined in /etc/securetty. This
resembles the default PAM configuration of some Linux distros which
specify the nullok_secure option for pam_unix.so.

Based on patch by Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
Denys Vlasenko
2017-04-13 12:57:04 +02:00
parent 517a82c5b6
commit 335681ca8e
3 changed files with 25 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
include/libbb.h
View File

@ -1486,6 +1486,7 @@ int check_securetty(const char *short_tty) FAST_FUNC;
#else
static ALWAYS_INLINE int check_securetty(const char *short_tty UNUSED_PARAM) { return 1; }
#endif
#define CHECKPASS_PW_HAS_EMPTY_PASSWORD 2
int check_password(const struct passwd *pw, const char *plaintext) FAST_FUNC;
int ask_and_check_password_extended(const struct passwd *pw, int timeout, const char *prompt) FAST_FUNC;
int ask_and_check_password(const struct passwd *pw) FAST_FUNC;