From 637e4cd23bc508116fd86d80208b07e33a4ce713 Mon Sep 17 00:00:00 2001 From: Thomas Osterried Date: Sun, 13 Apr 2008 23:09:31 +0000 Subject: axspawn on embedded systems like openwrt: on those systems, things are not as you expect. I.e., /bin/login is a shell script and implements boot-specific actions only (login without root password, etc.). The assumption that /bin/login -f username causes user as uid > 0 to login is wrong; user may gain root rights. axspawn now implements partially (thus, in the important points) what login assures. axspawn should be invoked with the option --embeded when called from ax25d. --- ax25/axspawn.8 | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'ax25/axspawn.8') diff --git a/ax25/axspawn.8 b/ax25/axspawn.8 index 5d6f6b0..8b0ec2d 100644 --- a/ax25/axspawn.8 +++ b/ax25/axspawn.8 @@ -84,6 +84,11 @@ properly. Allow connecting ax25 users to change their username for login. They'll be asked for their real login name. .TP 5 +.B -e, --embeded +Special treatment for axspawn on non-standard conform embeded devices. +I.e. openwrt has no true /bin/login: if you use it as a real login program, +it raises a security hole. +.TP 5 .B -r, --rootlogin Permit login as user root. Cave: only md5 or baycom style is allowed; no plaintext password. -- cgit v1.2.3
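Review bot: The new `-e, --embeded` entry in ax25/axspawn.8 says only "Special treatment" and never states what axspawn does differently or what happens when the flag is omitted. The commit message carries the substance: on systems such as openwrt /bin/login is a shell script, `/bin/login -f username` does not guarantee a login with uid > 0, the user may gain root rights, and axspawn itself then implements the important parts of what login assures. That belongs in the man page text, together with the advice to pass the option when axspawn is called from ax25d, because an administrator who reads only the man page cannot tell that leaving the flag off is the unsafe configuration on such a device. It would also help to say how this option combines with `-r, --rootlogin` directly below it. Separately, the long option is spelled `--embeded`; a misspelled flag is hard to rename once it has shipped, so consider `--embedded` (with the old spelling kept as an alias if needed) before this lands.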