Patchwork [meta-networking] quagga: use /bin/false as the login shell

login
register
mail settings
Submitter Robert Yang
Date Nov. 12, 2013, 9:24 p.m.
Message ID <1384291464-12185-1-git-send-email-liezhi.yang@windriver.com>
Download mbox | patch
Permalink /patch/61493/
State Accepted, archived
Headers show

Comments

Robert Yang - Nov. 12, 2013, 9:24 p.m.
Use /bin/false as the login shell, just like what Ubuntu does,
otherwise there might be secure issue.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
 meta-networking/recipes-protocols/quagga/quagga.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Joe MacDonald - Nov. 26, 2013, 4:23 p.m.
Merged, thanks.
-J.

[[oe] [meta-networking] [PATCH] quagga: use /bin/false as the login shell] On 13.11.13 (Wed 05:24) Robert Yang wrote:

> Use /bin/false as the login shell, just like what Ubuntu does,
> otherwise there might be secure issue.
> 
> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
> ---
>  meta-networking/recipes-protocols/quagga/quagga.inc | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/meta-networking/recipes-protocols/quagga/quagga.inc b/meta-networking/recipes-protocols/quagga/quagga.inc
> index 2106c9b..677b1c5 100644
> --- a/meta-networking/recipes-protocols/quagga/quagga.inc
> +++ b/meta-networking/recipes-protocols/quagga/quagga.inc
> @@ -148,7 +148,7 @@ INITSCRIPT_PARAMS_${PN}-watchquagga     = "defaults 90 10"
>  # Add quagga's user and group
>  USERADD_PACKAGES = "${PN}"
>  GROUPADD_PARAM_${PN} = "--system quagga ; --system quaggavty"
> -USERADD_PARAM_${PN} = "--system --home ${localstatedir}/run/quagga/ -M -g quagga quagga"
> +USERADD_PARAM_${PN} = "--system --home ${localstatedir}/run/quagga/ -M -g quagga --shell /bin/false quagga"
>  
>  pkg_postinst_${PN} () {
>      if [ -z "$D" ] && [ -e /etc/init.d/populate-volatile.sh ] ; then

Patch

diff --git a/meta-networking/recipes-protocols/quagga/quagga.inc b/meta-networking/recipes-protocols/quagga/quagga.inc
index 2106c9b..677b1c5 100644
--- a/meta-networking/recipes-protocols/quagga/quagga.inc
+++ b/meta-networking/recipes-protocols/quagga/quagga.inc
@@ -148,7 +148,7 @@  INITSCRIPT_PARAMS_${PN}-watchquagga     = "defaults 90 10"
 # Add quagga's user and group
 USERADD_PACKAGES = "${PN}"
 GROUPADD_PARAM_${PN} = "--system quagga ; --system quaggavty"
-USERADD_PARAM_${PN} = "--system --home ${localstatedir}/run/quagga/ -M -g quagga quagga"
+USERADD_PARAM_${PN} = "--system --home ${localstatedir}/run/quagga/ -M -g quagga --shell /bin/false quagga"
 
 pkg_postinst_${PN} () {
     if [ -z "$D" ] && [ -e /etc/init.d/populate-volatile.sh ] ; then