axspawn on embeded systems like openwrt:

on those systems, things are not as you expect. i.e., /bin/login is a shell script and implements boot-specific actions only (login without root password, etc..). The assumption that /bin/login -f username causes user as uid > 0 to login is wrong; user may gain root rights. axspawn now implements partially (thus, in the important points) what login assures. axspawn should be involked with the option --embeded when called from ax25d.
author: Thomas Osterried <thomas@osterried.de> 2008-04-13 23:09:31 +0000
committer: Thomas Osterried <thomas@osterried.de> 2008-04-13 23:09:31 +0000
commit: 637e4cd23bc508116fd86d80208b07e33a4ce713 (patch)
tree: ca3f4061d9b1ec2c4206caa3d5810135b8ab10ea /ax25/axspawn.8
parent: 1075994389ea9dc3a632b4ab811bce1ada113272 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/ax25/axspawn.8 b/ax25/axspawn.8
index 5d6f6b0..8b0ec2d 100644
--- a/ax25/axspawn.8
+++ b/ax25/axspawn.8
@@ -84,6 +84,11 @@ properly.
 Allow connecting ax25 users to change their username for login. They'll be
 asked for their real login name. 
 .TP 5
+.B -e, --embeded
+Special treatment for axspawn on non-standard conform embeded devices.
+I.e. openwrt has no true /bin/login: if you use it as a real login program,
+it raises a security hole.
+.TP 5
 .B -r, --rootlogin
 Permit login as user root. Cave: only md5 or baycom style is allowed; no
 plaintext password.
author	Thomas Osterried <thomas@osterried.de>	2008-04-13 23:09:31 +0000
committer	Thomas Osterried <thomas@osterried.de>	2008-04-13 23:09:31 +0000
commit	637e4cd23bc508116fd86d80208b07e33a4ce713 (patch)
tree	ca3f4061d9b1ec2c4206caa3d5810135b8ab10ea /ax25/axspawn.8
parent	1075994389ea9dc3a632b4ab811bce1ada113272 (diff)