-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sys/shell: new module shell_lock #13082
Conversation
e1f92a6
to
c54ebe7
Compare
What PR is this waiting for @HendrikVE ? |
97b06af
to
d8f18ed
Compare
Rebased and squashed! No dependency on any other PR left. |
b59518e
to
b8145b9
Compare
(or asking differently can #12191 be closed as this PR supersedes this one?) |
b8145b9
to
2748881
Compare
2748881
to
9472fd4
Compare
2819803
to
c52a1e6
Compare
09348de
to
21f9464
Compare
ea93dfc
to
7efd27a
Compare
Needs a rebase, but I think this can still be useful. |
7efd27a
to
fddb08e
Compare
Rebased to master and cleaned the PR a little. The module now uses the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've added some commits to fix locking with the telnet server.
While this is certainly not secure, it is a cleaner workaround to the GNRC TCP issue (not generating -ECONNABORTED
) than #17897.
extern void shell_lock_checkpoint(char *line_buf, int len); | ||
extern bool shell_lock_is_locked(void); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If you are doing that you might as well
extern void shell_lock_checkpoint(char *line_buf, int len); | |
extern bool shell_lock_is_locked(void); | |
#if IS_USED(MODULE_SHELL_LOCK) | |
extern void shell_lock_checkpoint(char *line_buf, int len); | |
extern bool shell_lock_is_locked(void); | |
#else | |
static inline void shell_lock_checkpoint(char *line_buf, int len) | |
{ | |
(void)line_buf; | |
(void)len; | |
} | |
static inline bool shell_lock_is_locked(void) | |
{ | |
return false; | |
} | |
#endif |
and avoid cluttering the code further down with if (IS_USED(…))
blocks
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Mh I don't see the benefit of doing this. At the moment it is in line with MODULE_SHELL_HOOKS
and MODULE_SHELL_COMMANDS
. Since these are just forward declarations we don't need empty definitions in case the module is not used at all.
9eef476
to
4470b68
Compare
This needs a rebase now, sorry. |
Module to lock the running shell with a password. Shell is proceeded only when the valid password was entered by the user. After 3 failed attempts, the input is blocked for a few seconds to slow down brute force attacks. Does not make use of any cryptographic features yet.
Module to lock the shell after a given timeout of time x. When the shell did not receive any input within time x, then the shell is locked automatically.
4470b68
to
80b7b79
Compare
Thanks for the review! |
Contribution description
This PR adds a locking mechanism to the shell, implemented by the new
shell_lock
module. It's not meant as a super secure system protection, it should rather be thought of as a small simple protection for demo environment purposes. For example, I recently raised a PR (#12012) for stdio over Blueooth. I might want to show a demo and control my project via bluetooth and I don't want other people to be able to connect to my device and use the shell. Using this new module you have to type in a password first. The mentioned bluetooth service only allows a single connection per device, that is an assumption that needs to be maintained, because there is only a single shell instance per device. A second user would get access to the previous unlocked shell by another user otherwise. Furthermore it's not the responsibility of this module to provide a secure channel. This needs to be done by the used communication channel, e.g. nimble in the mentioned case.All of this doesn't mean it couldn't extended to be more secure for other purposes though.
The module
shell_lock_auto_locking
extends the lock mechanism by auto locking the "session" after a given timeout, which might be also interesting. Otherwise the user has to lock the shell manually by calling the addedlock
-command within the shell.Testing procedure
Simply run the
default
application on a board. A test configuration is set in the Makefile.