Message ID | 52c5571a8664a7547caed420ea83d77ab5d21d0f.1650591341.git.paul.eggleton@linux.microsoft.com |
---|---|
State | New |
Headers | show |
Series | [1/9] migration-3.4: add missing entry on EXTRA_USERS_PARAMS | expand |
> -----Original Message----- > From: docs@lists.yoctoproject.org <docs@lists.yoctoproject.org> On Behalf > Of Paul Eggleton > Sent: den 22 april 2022 03:41 > To: docs@lists.yoctoproject.org > Subject: [docs] [PATCH 2/9] ref-manual: add a note about hard-coded > passwords > > From: Paul Eggleton <paul.eggleton@microsoft.com> > > It seems prudent to point out that hard-coding passwords in the manner > detailed in the example is not a good idea in production. This type of > mistake has unfortunately been made by many device vendors (outside of > the Yocto Project context) leading to security vulnerabilities. > > Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com> > --- > documentation/ref-manual/classes.rst | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/documentation/ref-manual/classes.rst b/documentation/ref-manual/classes.rst > index 6ba792d..13cc2bb 100644 > --- a/documentation/ref-manual/classes.rst > +++ b/documentation/ref-manual/classes.rst > @@ -576,6 +576,13 @@ Finally, here is an example that sets the root password:: > usermod -p '${PASSWD}' root; \ > " > > +.. note:: > + > + From a security perspective, hardcoding a default password is not > + generally a good idea. It is recommended that you do not do this if you are I would suggest adding "or even legal in some jurisdictions" after "good idea". > + building a production image. > + > + > .. _ref-classes-features_check: > > ``features_check.bbclass`` > -- > 1.8.3.1 //Peter
diff --git a/documentation/ref-manual/classes.rst b/documentation/ref-manual/classes.rst index 6ba792d..13cc2bb 100644 --- a/documentation/ref-manual/classes.rst +++ b/documentation/ref-manual/classes.rst @@ -576,6 +576,13 @@ Finally, here is an example that sets the root password:: usermod -p '${PASSWD}' root; \ " +.. note:: + + From a security perspective, hardcoding a default password is not + generally a good idea. It is recommended that you do not do this if you are + building a production image. + + .. _ref-classes-features_check: ``features_check.bbclass``