luci-base: explicitly invoke busybox applet for password change

Ensure to invoke the Busybox `passwd` applet to change the system password
in a non-interactive manner. Non-Busybox variants may not take the new
password input from stdin or use password hashes which are not supported
by musl's `crypt()` implementation by default.

Fixes: #5629
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 22e2bfb09667e167a93b5eca4487ac41669126d9)

diff --git a/modules/luci-base/root/usr/libexec/rpcd/luci b/modules/luci-base/root/usr/libexec/rpcd/luci
index 17fb3910b221f6289393f808a2e156c6834f05f5..94536651f34631da986021c0bd38635199a9d556 100755 (executable)
--- a/modules/luci-base/root/usr/libexec/rpcd/luci
+++ b/modules/luci-base/root/usr/libexec/rpcd/luci
@@ -441,7 +441,7 @@ local methods = {
                call = function(args)
                        local util = require "luci.util"
                        return {
-                               result = (os.execute("(echo %s; sleep 1; echo %s) | passwd %s >/dev/null 2>&1" %{
+                               result = (os.execute("(echo %s; sleep 1; echo %s) | /bin/busybox passwd %s >/dev/null 2>&1" %{
                                        luci.util.shellquote(args.password),
                                        luci.util.shellquote(args.password),
                                        luci.util.shellquote(args.username)