Unverified Commit 19fb8aeb authored by Santiago Torres-Arias's avatar Santiago Torres-Arias
Browse files

Makefile: add fix for CVE-2019-5021

The previous instances of the docker image allowed for passwordless root
login. Update the default shadow setting so the root account to disallow
this.
parent b274212c
......@@ -16,6 +16,10 @@ rootfs: hooks
--noscriptlet \
--hookdir $(PWD)/alpm-hooks/usr/share/libalpm/hooks/ $(shell cat packages)
cp --recursive --preserve=timestamps --backup --suffix=.pacnew rootfs/* $(BUILDDIR)/
# remove passwordless login for root (see CVE-2019-5021 for reference)
sed -i -e 's/^root::/root:!:/' "$(BUILDDIR)/etc/shadow"
tar --numeric-owner --xattrs --acls --exclude-from=exclude -C $(BUILDDIR) -c . -f archlinux.tar
rm -rf $(BUILDDIR) alpm-hooks
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment