ttyd: force enable authentication for login

Currently, we called `/usr/libexec/login.sh` as login command, but unfortunately the auth
is disabled by default in it[1], and this is really serious as it could be a free "backdoor"
for any spoiler who has conntectd to the router via LAN or wireless.

In my option, it shouldn't be exposed to anyone without auth, so I set the default login
command to `/bin/login`. And for those who really want that, they can do it themselves.

1. `login.sh` adjusts whether use authentication or not from system config named ttylogin,
which is set to disabled by default. See package/base-files/files/bin/config_generate#L243.

Signed-off-by: Tianling Shen <cnsztl@project-openwrt.eu.org>
Backported from f45bb2981d41e1005a2658661da2475518835db8

diff --git a/utils/ttyd/Makefile b/utils/ttyd/Makefile
index d2695d3ceff66b5051fe87c4d6b9e3ed791d0a75..8fa6c7ced6d1530fdb937c812d3327d989515c01 100644 (file)
--- a/utils/ttyd/Makefile
+++ b/utils/ttyd/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ttyd
 PKG_VERSION:=1.5.2
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/tsl0922/ttyd/tar.gz/$(PKG_VERSION)?

diff --git a/utils/ttyd/files/ttyd.config b/utils/ttyd/files/ttyd.config
index 11b980fb07599fef52c9467f179aec3695b6c330..8dbde7034e2a62d793e19d24c620ea6f99f079ab 100644 (file)
--- a/utils/ttyd/files/ttyd.config
+++ b/utils/ttyd/files/ttyd.config
@@ -1,5 +1,5 @@
 
 config ttyd
        option interface '@lan'
-       option command '/usr/libexec/login.sh'
+       option command '/bin/login'