From patchwork Sat Jun 22 22:22:32 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Yann E. MORIN" <yann.morin.1998@free.fr>
X-Patchwork-Id: 253448
Return-Path: <buildroot-bounces@busybox.net>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from silver.osuosl.org (silver.osuosl.org [140.211.166.136])
	by ozlabs.org (Postfix) with ESMTP id 882652C0410
	for <incoming@patchwork.ozlabs.org>;
	Sun, 23 Jun 2013 08:23:00 +1000 (EST)
Received: from localhost (localhost [127.0.0.1])
	by silver.osuosl.org (Postfix) with ESMTP id 2CDFF31B71;
	Sat, 22 Jun 2013 22:22:59 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from silver.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id HmeqJC5Jzy4D; Sat, 22 Jun 2013 22:22:58 +0000 (UTC)
Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34])
	by silver.osuosl.org (Postfix) with ESMTP id DBD0E31B69;
	Sat, 22 Jun 2013 22:22:57 +0000 (UTC)
X-Original-To: buildroot@lists.busybox.net
Delivered-To: buildroot@osuosl.org
Received: from whitealder.osuosl.org (whitealder.osuosl.org
	[140.211.166.138])
	by ash.osuosl.org (Postfix) with ESMTP id 2D4A18F79E
	for <buildroot@lists.busybox.net>;
	Sat, 22 Jun 2013 22:23:04 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by whitealder.osuosl.org (Postfix) with ESMTP id 3F1BF8C991
	for <buildroot@lists.busybox.net>;
	Sat, 22 Jun 2013 22:22:57 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from whitealder.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id dKQ-bkFkmyJy for <buildroot@lists.busybox.net>;
	Sat, 22 Jun 2013 22:22:53 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mail-we0-f175.google.com (mail-we0-f175.google.com
	[74.125.82.175])
	by whitealder.osuosl.org (Postfix) with ESMTPS id E82AC8CB87
	for <buildroot@busybox.net>; Sat, 22 Jun 2013 22:22:44 +0000 (UTC)
Received: by mail-we0-f175.google.com with SMTP id t59so7253780wes.20
	for <buildroot@busybox.net>; Sat, 22 Jun 2013 15:22:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=sender:from:to:cc:subject:date:message-id:x-mailer;
	bh=Y0UA5LGC03xNMKyb/M0ik+x9HwToKot4ixHZfu6Iopk=;
	b=J50XJoYyYasV8+bNytUREl3kRlg/6J7Y07sewDKNVDj461RGYGgfKBOrwcgYn7zwHn
	m7q8sES4sVaR2HeU5EEBgvRH2ETieoMz1T6LNALfScxC3Fq0y8hDtAp/rZHBNInUe3sj
	tik4fR8faolYoW3G+KzkLFXU94gdbiSaNewFdvmxtP0g5Pah1JRV7AdrhVkcWDNSZ33n
	e2mJd1k2fQhbKbUYch2KCv7GEzBBZA8wrB6j4FGemSJXRqAtPIys9mQGX1BLs6aDtVTz
	vjtDFEs4a2sOFgmDO8Or8GP25WKeQoqFvu3nYBTafwWuUbzKDshI9DZjO2LzaK0/OmNH
	AtEA==
X-Received: by 10.180.160.203 with SMTP id xm11mr2288363wib.58.1371939763225;
	Sat, 22 Jun 2013 15:22:43 -0700 (PDT)
Received: from gourin.bzh.lan (ks3095497.kimsufi.com. [94.23.60.27])
	by mx.google.com with ESMTPSA id
	fu14sm6615195wic.8.2013.06.22.15.22.41 for <multiple recipients>
	(version=TLSv1.1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
	Sat, 22 Jun 2013 15:22:42 -0700 (PDT)
From: "Yann E. MORIN" <yann.morin.1998@free.fr>
To: buildroot@busybox.net
Date: Sun, 23 Jun 2013 00:22:32 +0200
Message-Id: <1371939752-29205-1-git-send-email-yann.morin.1998@free.fr>
X-Mailer: git-send-email 1.8.1.2
Cc: "Yann E. MORIN" <yann.morin.1998@free.fr>
Subject: [Buildroot] [PATCH] system/permissions: make /root group+others
	non-writable
X-BeenThere: buildroot@busybox.net
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.busybox.net>
List-Unsubscribe: <http://lists.busybox.net/mailman/options/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=unsubscribe>
List-Archive: <http://lists.busybox.net/pipermail/buildroot>
List-Post: <mailto:buildroot@busybox.net>
List-Help: <mailto:buildroot-request@busybox.net?subject=help>
List-Subscribe: <http://lists.busybox.net/mailman/listinfo/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=subscribe>
MIME-Version: 1.0
Errors-To: buildroot-bounces@busybox.net
Sender: buildroot-bounces@busybox.net

From: "Yann E. MORIN" <yann.morin.1998@free.fr>

Upon logging, dropbear whines if /root is group- or others-writable, and
key-based authentication is attempted, reverting to password-based
authentication:
    dropbear[149]: /root must be owned by user or root, and not writable by others
    dropbear[149]: Password auth succeeded for 'root' from 192.168.127.35:41566

On my system, /root was 770. Changing to 700 fixed the issue.

Having /root 700 is a good idea, anyway.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Acked-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
 system/device_table.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/system/device_table.txt b/system/device_table.txt
index 43c0cfa..7ae4b07 100644
--- a/system/device_table.txt
+++ b/system/device_table.txt
@@ -9,6 +9,7 @@
 /dev					d	755	0	0	-	-	-	-	-
 /tmp					d	1777	0	0	-	-	-	-	-
 /etc					d	755	0	0	-	-	-	-	-
+/root					d	700	0	0	-	-	-	-	-
 /home/default				d	755	1000	1000	-	-	-	-	-
 /var/www				d	755	33	33	-	-	-	-	-
 /etc/shadow				f	600	0	0	-	-	-	-	-