From 111cf1268aaac76892e7342c1a354ef27793edd4 Mon Sep 17 00:00:00 2001
From: Matthias Schiffer <mschiffer@universe-factory.net>
Date: Fri, 5 Dec 2014 18:58:25 +0100
Subject: [PATCH] busybox: enable telnet only when root password is really
 empty, not when it is locked

Otherwise, telnet login is allowed by default when neither a password nor SSH
keys are configured.
---
 ...s-really-empty-not-when-it-is-locked.patch | 26 +++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 patches/openwrt/0009-busybox-enable-telnet-only-when-root-password-is-really-empty-not-when-it-is-locked.patch

diff --git a/patches/openwrt/0009-busybox-enable-telnet-only-when-root-password-is-really-empty-not-when-it-is-locked.patch b/patches/openwrt/0009-busybox-enable-telnet-only-when-root-password-is-really-empty-not-when-it-is-locked.patch
new file mode 100644
index 000000000..772ade629
--- /dev/null
+++ b/patches/openwrt/0009-busybox-enable-telnet-only-when-root-password-is-really-empty-not-when-it-is-locked.patch
@@ -0,0 +1,26 @@
+From: Matthias Schiffer <mschiffer@universe-factory.net>
+Date: Fri, 5 Dec 2014 18:57:16 +0100
+Subject: busybox: enable telnet only when root password is really empty, not when it is locked
+
+diff --git a/package/utils/busybox/files/telnet b/package/utils/busybox/files/telnet
+index a1d1cdf..f95be90 100755
+--- a/package/utils/busybox/files/telnet
++++ b/package/utils/busybox/files/telnet
+@@ -11,7 +11,7 @@ has_root_pwd() {
+ 	      pwd="${pwd#*root:}"
+ 	      pwd="${pwd%%:*}"
+ 
+-	test -n "${pwd#[\!x]}"
++	test -n "${pwd}"
+ }
+ 
+ get_root_home() {
+@@ -28,7 +28,7 @@ has_ssh_pubkey() {
+ 
+ start_service() {
+ 	if ( ! has_ssh_pubkey && \
+-	     ! has_root_pwd /etc/passwd && ! has_root_pwd /etc/shadow ) || \
++	   ( ! has_root_pwd /etc/passwd || ! has_root_pwd /etc/shadow ) ) || \
+ 	   ( ! /etc/init.d/dropbear enabled 2> /dev/null && ! /etc/init.d/sshd enabled 2> /dev/null );
+ 	then
+ 		procd_open_instance
-- 
GitLab