su: FEATURE_SU_BLANK_PW_NEEDS_SECURE_TTY

When this feature is enabled, blank passwords are not accepted by su unless the user is on a secure TTY defined in /etc/securetty. This resembles the default PAM configuration of some Linux distros which specify the nullok_secure option for pam_unix.so. Based on patch by Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
author: Denys Vlasenko <vda.linux@googlemail.com> 2017-04-13 12:57:04 +0200
committer: Denys Vlasenko <vda.linux@googlemail.com> 2017-04-13 12:57:04 +0200
commit: 335681ca8e39144fa19814f7ba10d0fe760e4055 (patch)
tree: 81c20a0be3daab564c842f510126037bf2331ab2 /include
parent: 517a82c5b6b5e279f3e96a6774445a2952ca312b (diff)
download: busybox-335681ca8e39144fa19814f7ba10d0fe760e4055.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/include/libbb.h b/include/libbb.h
index 6b33ffad6..b889dd7d7 100644
--- a/include/libbb.h
+++ b/include/libbb.h
@@ -1486,6 +1486,7 @@ int check_securetty(const char *short_tty) FAST_FUNC;
 #else
 static ALWAYS_INLINE int check_securetty(const char *short_tty UNUSED_PARAM) { return 1; }
 #endif
+#define CHECKPASS_PW_HAS_EMPTY_PASSWORD 2
 int check_password(const struct passwd *pw, const char *plaintext) FAST_FUNC;
 int ask_and_check_password_extended(const struct passwd *pw, int timeout, const char *prompt) FAST_FUNC;
 int ask_and_check_password(const struct passwd *pw) FAST_FUNC;
author	Denys Vlasenko <vda.linux@googlemail.com>	2017-04-13 12:57:04 +0200
committer	Denys Vlasenko <vda.linux@googlemail.com>	2017-04-13 12:57:04 +0200
commit	335681ca8e39144fa19814f7ba10d0fe760e4055 (patch)
tree	81c20a0be3daab564c842f510126037bf2331ab2 /include
parent	517a82c5b6b5e279f3e96a6774445a2952ca312b (diff)
download	busybox-335681ca8e39144fa19814f7ba10d0fe760e4055.tar.gz