From: kos Date: Fri, 25 Jan 2013 10:04:58 +0000 (+0900) Subject: fixed login security hole. X-Git-Url: http://code.vuplus.com/gitweb/?p=vuplus_openvuplus;a=commitdiff_plain;h=6088778ef01fd47bfb61658ab266ce23dcd680ed fixed login security hole. --- diff --git a/meta-openvuplus/recipes-core/busybox/busybox-1.19.4/change-passwd-default-algorithm.patch b/meta-openvuplus/recipes-core/busybox/busybox-1.19.4/change-passwd-default-algorithm.patch new file mode 100644 index 0000000..6ab35eb --- /dev/null +++ b/meta-openvuplus/recipes-core/busybox/busybox-1.19.4/change-passwd-default-algorithm.patch @@ -0,0 +1,13 @@ +diff --git a/loginutils/passwd.c b/loginutils/passwd.c +index 1cfafae..3231b23 100644 +--- a/loginutils/passwd.c ++++ b/loginutils/passwd.c +@@ -94,7 +94,7 @@ int passwd_main(int argc UNUSED_PARAM, char **argv) + }; + unsigned opt; + int rc; +- const char *opt_a = "d"; /* des */ ++ const char *opt_a = "m"; /* des */ + const char *filename; + char *myname; + char *name; diff --git a/meta-openvuplus/recipes-core/busybox/busybox-1.19.4/defconfig b/meta-openvuplus/recipes-core/busybox/busybox-1.19.4/defconfig index be2e745..849e3e2 100644 --- a/meta-openvuplus/recipes-core/busybox/busybox-1.19.4/defconfig +++ b/meta-openvuplus/recipes-core/busybox/busybox-1.19.4/defconfig @@ -446,7 +446,7 @@ CONFIG_INIT_TERMINAL_TYPE="" CONFIG_FEATURE_SHADOWPASSWDS=y # CONFIG_USE_BB_PWD_GRP is not set # CONFIG_USE_BB_SHADOW is not set -# CONFIG_USE_BB_CRYPT is not set +CONFIG_USE_BB_CRYPT=y # CONFIG_USE_BB_CRYPT_SHA is not set CONFIG_ADDUSER=y CONFIG_FEATURE_ADDUSER_LONG_OPTIONS=y diff --git a/meta-openvuplus/recipes-core/busybox/busybox_1.19.4.bbappend b/meta-openvuplus/recipes-core/busybox/busybox_1.19.4.bbappend index 5c0775b..042ab21 100644 --- a/meta-openvuplus/recipes-core/busybox/busybox_1.19.4.bbappend +++ b/meta-openvuplus/recipes-core/busybox/busybox_1.19.4.bbappend @@ -1,4 +1,4 @@ -PR .= "-vuplus4" +PR .= "-vuplus5" SRC_URI += " \ file://0001-ifupdown-support-post-up-pre-down-hooks.patch \ @@ -11,6 +11,7 @@ SRC_URI += " \ file://0002-Create-and-use-our-own-copy-of-linux-ext2_fs.h.patch \ file://0003-Drop-include-bb_linux_ext2_fs.h-use-existing-e2fspro.patch \ file://mount_single_uuid.patch \ + file://change-passwd-default-algorithm.patch \ file://inetd \ file://inetd.conf \ " diff --git a/meta-openvuplus/recipes-extended/shadow/shadow_4.1.4.3.bbappend b/meta-openvuplus/recipes-extended/shadow/shadow_4.1.4.3.bbappend new file mode 100644 index 0000000..d8d1769 --- /dev/null +++ b/meta-openvuplus/recipes-extended/shadow/shadow_4.1.4.3.bbappend @@ -0,0 +1,25 @@ +PR .= "vuplus0" + +FILESEXTRAPATHS_prepend := "${THISDIR}/${P}:" + +pkg_postinst_${PN} () { + for i in chpasswd chfn newgrp chsh groups vipw vigr ; do + update-alternatives --install ${sbindir}/$i $i $i.${PN} 200 + done + + if [ "x$D" != "x" ]; then + rootarg="--root=$D" + else + rootarg="" + fi + + pwconv $rootarg + grpconv $rootarg +} + +pkg_prerm_${PN} () { + for i in chpasswd chfn newgrp chsh groups vipw vigr ; do + update-alternatives --remove $i $i.${PN} + done +} +