install --ondev: run setup_login for installer OS (!2026) · Merge requests · postmarketOS / pmbootstrap · GitLab

This is an archived project. Repository and other project resources are read-only.

Oliver Smith requested to merge ondev-run-setup-login into master Feb 09, 2021

Run setup_login() while creating the installer OS too, in order to disable passwordless root login.

Note that this may sound like a security flaw, but it isn't.

setup_login already ran for the target OS, meaning after the installation is done, one is not be able to login as root without password
root login without password was only possible via serial console (or by attaching a keyboard), not via SSH
getting root rights via serial in the installer OS is actually desired for debugging, we add a debug user with sudo set up by default: https://wiki.postmarketos.org/wiki/On-device_installer#Debug_user

So even though this isn't a problem, disable it to avoid confusion.

Test plan

Run the on-device installer in QEMU
Without this patch, you can login as root without password in the login prompt shown in pmbootstrap qemu
With the patch you can't login as root