mail archive of the barebox mailing list
From: Sascha Hauer <s.hauer@pengutronix.de>
To: Moritz Warning <m.warning@meteocontrol.de>
Cc: barebox@lists.infradead.org
Subject: Re: Secure barebox
Date: Mon, 1 Jun 2015 14:06:52 +0200
Message-ID: <20150601120652.GH6325@pengutronix.de>
In-Reply-To: <556C271F.6040005@meteocontrol.de>

Hi Moritz,

On Mon, Jun 01, 2015 at 11:34:23AM +0200, Moritz Warning wrote:
> Hi,
> 
> I like to secure access to barebox using a password.
> passwd seems to be the right command, but setting a
> password does not seem to have any effect.
> 
> After a reset, access to barebox is not limited as far
> as I can tell.

I've never really used password support. I just gave it a try and I can
only say: It's not usable in its current state. The thing you were
missing is: You must set nv.login.timeout to something nonzero:

nv.login.timeout=3; saveenv

Then afterwards I get asked for a password. If I enter this correctly I
get to the prompt, if I enter the wrong password I'm asked for a
password again. However, when I press ctrl-c or just an empty password I
also get to the prompt.
The password protection support is currently implemented in the
/env/bin/init script. This makes the whole stuff very fragile. The
barebox shell is not designed to be secure. Once the shell is started
the system is insecure, so the password asking process should be done
before entering the shell, not from the shell.

Sascha

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
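
Added example, not part of the message above and not barebox code: a POSIX sh model of the behaviour reported there (correct password reaches the prompt, wrong password re-prompts, empty input or ctrl-c also reaches the prompt), next to a gate that grants access only on an explicit match. SAMPLE_PASSWORD, try_login, both gate functions and the '^C' marker are assumptions made for the illustration; it does not reproduce /env/bin/init.

```shell
#!/bin/sh
# Added illustration, not barebox code. All names here are hypothetical.
SAMPLE_PASSWORD='s3cret-sample'   # constructed sample credential

# Stand-in for one password prompt. $1 is what was typed; the literal
# string '^C' is a constructed marker for an interrupted prompt.
# Returns 0 on match, 1 on mismatch (including empty), 130 on interrupt.
try_login() {
    case "$1" in
        '^C') return 130 ;;
        "$SAMPLE_PASSWORD") return 0 ;;
        *) return 1 ;;
    esac
}

# Fail-open gate: only a non-empty wrong password re-prompts. Every other
# outcome, including empty input and an interrupt, reaches the prompt.
gate_fail_open() {
    for attempt in "$@"; do
        rc=0; try_login "$attempt" || rc=$?
        if [ "$rc" -eq 1 ] && [ -n "$attempt" ]; then
            continue              # wrong password: ask again
        fi
        return 0                  # anything else reaches the prompt
    done
    return 1                      # input ran out while still re-prompting
}

# Fail-closed gate: access is granted only on an explicit match.
# Empty input, interrupts and exhausted attempts are all denials.
gate_fail_closed() {
    for attempt in "$@"; do
        rc=0; try_login "$attempt" || rc=$?
        if [ "$rc" -eq 0 ]; then
            return 0
        fi
    done
    return 1
}

# Run each constructed input through both gates and print the outcome.
for input in "$SAMPLE_PASSWORD" 'wrong' '' '^C'; do
    gate_fail_open "$input" && open=prompt || open=denied
    gate_fail_closed "$input" && closed=prompt || closed=denied
    printf '[%s] fail-open=%s fail-closed=%s\n' "$input" "$open" "$closed"
done
```

The two gates differ only in which outcome is the default: the first lists the cases that are refused, the second lists the one case that is accepted.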
