-   -   Announcing INCEPTION: Deeper access to your N9 [0.1.1] (https://talk.maemo.org/showthread.php?t=82835)

coderus 2012-03-18 17:06

Re: Announcing INCEPTION: Deeper access to your N9
 
it's standard linux sudo. google, if never worked on linux before.

Arie 2012-03-18 22:31

Re: Announcing INCEPTION: Deeper access to your N9
 
Quote:

Originally Posted by coderus (Post 1181116)
it's standard linux sudo. google, if never worked on linux before.

Can I install it with opensh already installed?

itsnotabigtruck 2012-03-18 22:40

Re: Announcing INCEPTION: Deeper access to your N9
 
Quote:

Originally Posted by Arie (Post 1181209)
Can I install it with opensh already installed?

Yeah.

Note that coderus' sudo is probably not Aegis-aware, so you won't be able to do certain things that you can with opensh, such as run aegisctl. (not sure - correct me if I'm wrong)

rcolistete 2012-03-18 23:11

Re: Announcing INCEPTION: Deeper access to your N9
 
Thanks itsnotabigtruck for your Inception project. It made it possible to:
- use Easy Debian without flashing open kernel;
- use chroot images with programming languages/tools (gcc/g++, etc);
- run binaries created by gcc/g++ running on Nokia N9.

coderus 2012-03-19 04:07

Re: Announcing INCEPTION: Deeper access to your N9
 
itsnotabigtruck, of course, it's like just su (devel-su), no extra hacky privileges =)
i made this for making me happy =) every time using pc i'm using sudo, and when switching to phone ssh i want to use sudo too. devel-su too complicated to type :D
just using it for sudo apt-get, sudo dpkg, sudo nano, sudo mc and so on in daily usage =)

but of course, i can inject checking for opensh installing and make sudo work thru opensh or just sh.

Muzimak 2012-03-19 04:17

Re: Announcing INCEPTION: Deeper access to your N9
 
So has it brought any Developer any use yet and what?

coderus 2012-03-19 04:19

Re: Announcing INCEPTION: Deeper access to your N9
 
Muzimak, of course, look into chroot thread.

lkravovicz 2012-03-19 09:46

Re: Announcing INCEPTION: Deeper access to your N9
 
Quote:

Originally Posted by rcolistete (Post 1181222)
Thanks itsnotabigtruck for your Inception project. It made it possible to:
- use Easy Debian without flashing open kernel;
- use chroot images with programming languages/tools (gcc/g++, etc);
- run binaries created by gcc/g++ running on Nokia N9.

Sounds like Gentoo Prefix is now possible :)

wicket 2012-03-25 19:45

Re: Announcing INCEPTION: Deeper access to your N9
 
I've noticed a couple of oddities when running an incepted opensh.

First of all, I am unable to run a simple shell script under opensh:

Code:


BusyBox v1.20.0.git (MeeGo 3:1.20-0.1+0m7) built-in shell (ash)
Enter 'help' for a list of built-in commands.

/home/developer $ cat hello.sh
#!/bin/sh

echo Hello world!
/home/developer $ ls -l hello.sh
-rwxr-xr-x    1 user    users          29 Mar 25 02:43 hello.sh
/home/developer $ ./hello.sh
Hello world!
/home/developer $ devel-su -
Password:


BusyBox v1.20.0.git (MeeGo 3:1.20-0.1+0m7) built-in shell (ash)
Enter 'help' for a list of built-in commands.

mesg: Operation not permitted
RM680-02-6_PR_RM680:~# cd ~developer
RM680-02-6_PR_RM680:/home/developer# accli -I | grep -v IMEI
Current mode: normal
Credentials:
        UID::root
        GID::root
        GRP::root
        GRP::adm
        GRP::dialout
        GRP::pulse-access
RM680-02-6_PR_RM680:/home/developer# ./hello.sh
Hello world!
RM680-02-6_PR_RM680:/home/developer# develsh


BusyBox v1.20.0.git (MeeGo 3:1.20-0.1+0m7) built-in shell (ash)
Enter 'help' for a list of built-in commands.

RM680-02-6_PR_RM680:/home/developer# accli -I | grep -v IMEI
Current mode: normal
Credentials:
        UID::root
        GID::root
        CAP::chown
        CAP::dac_read_search
        CAP::fowner
        CAP::fsetid
        CAP::kill
        CAP::linux_immutable
        CAP::net_bind_service
        CAP::net_broadcast
        CAP::net_admin
        CAP::net_raw
        CAP::ipc_lock
        CAP::ipc_owner
        CAP::sys_chroot
        CAP::sys_ptrace
        CAP::sys_pacct
        CAP::sys_boot
        CAP::sys_nice
        CAP::sys_resource
        CAP::sys_time
        CAP::sys_tty_config
        CAP::lease
        CAP::audit_write
        CAP::audit_control
        CAP::setfcap
        GRP::root
        GRP::dialout
        GRP::video
        GRP::pulse-access
        GRP::users
        GRP::metadata-users
        GRP::calendar
        AID::.develsh.
        tracker::tracker-extract-access
        tracker::tracker-miner-fs-access
        libaccounts-noa::accesssvt
        package-manager::packagemanager_limited
        package-manager::packagemanager_private
        icd2::icd2-plugin
        Cellular
        TrackerReadAccess
        TrackerWriteAccess
        Location
        FacebookSocial
        develsh::develsh
RM680-02-6_PR_RM680:/home/developer# ./hello.sh
Hello world!
RM680-02-6_PR_RM680:/home/developer# exit
RM680-02-6_PR_RM680:/home/developer# opensh


BusyBox v1.20.0.git (MeeGo 3:1.20-0.1+0m7) built-in shell (ash)
Enter 'help' for a list of built-in commands.

RM680-02-6_PR_RM680:/home/developer# accli -I | grep -v IMEI
Current mode: normal
Credentials:
        UID::root
        GID::root
        CAP::chown
        CAP::dac_override
        CAP::dac_read_search
        CAP::fowner
        CAP::fsetid
        CAP::kill
        CAP::setgid
        CAP::setuid
        CAP::linux_immutable
        CAP::net_bind_service
        CAP::net_broadcast
        CAP::net_admin
        CAP::net_raw
        CAP::ipc_lock
        CAP::ipc_owner
        CAP::sys_module
        CAP::sys_rawio
        CAP::sys_chroot
        CAP::sys_ptrace
        CAP::sys_pacct
        CAP::sys_admin
        CAP::sys_boot
        CAP::sys_nice
        CAP::sys_resource
        CAP::sys_time
        CAP::sys_tty_config
        CAP::mknod
        CAP::lease
        CAP::audit_write
        CAP::audit_control
        CAP::setfcap
        CAP::mac_override
        CAP::mac_admin
        GRP::root
        GRP::daemon
        GRP::bin
        GRP::sys
        GRP::adm
        GRP::tty
        GRP::disk
        GRP::lp
        GRP::mail
        GRP::news
        GRP::uucp
        GRP::man
        GRP::proxy
        GRP::kmem
        GRP::dialout
        GRP::fax
        GRP::voice
        GRP::cdrom
        GRP::floppy
        GRP::tape
        GRP::sudo
        GRP::audio
        GRP::dip
        GRP::www-data
        GRP::backup
        GRP::operator
        GRP::list
        GRP::irc
        GRP::src
        GRP::gnats
        GRP::shadow
        GRP::utmp
        GRP::video
        GRP::sasl
        GRP::plugdev
        GRP::staff
        GRP::games
        GRP::libuuid
        GRP::pulse
        GRP::pulse-access
        GRP::pulse-rt
        GRP::cal
        GRP::users
        GRP::input
        GRP::i2c
        GRP::adc
        GRP::upstart
        GRP::crypto
        GRP::metadata-users
        GRP::phonet
        GRP::csd
        GRP::messagebus
        GRP::acm
        GRP::gallerycoredata-users
        GRP::signon
        GRP::osa
        GRP::calendar
        GRP::libaccounts-noa
        GRP::lpm
        GRP::visualreminder
        GRP::location
        GRP::nfc
        GRP::slpgwd
        GRP::haldaemon
        GRP::powerdev
        GRP::developer
        GRP::ssh
        GRP::spool
        GRP::nogroup
        tcb
        libbb5-secbins::SEE_CCCWrite
        libbb5-secbins::SEE_DBIWrite
        libbb5-secbins::SEE_HWCWrite
        libbb5-secbins::SEE_NPCWrite
        libbb5-secbins::SEE_SecStorageMaintenance
        libbb5-secbins::SEE_SuperDongleWrite
        libbb5-secbins::SEE_SuperDongleOperation
        libbb5-secbins::SEE_SimLock3Write
        libbb5-secbins::SEE_SimLock3Operation
        libbb5-secbins::SEE_TerminalResponce
        libbb5-secbins::SEE_DeviceLockControl
        aegis-enabler::tcb-sign
        tracker::tracker-extract-access
        tracker::tracker-miner-fs-access
        libaccounts-noa::accesssvt
        package-manager::packagemanager_limited
        package-manager::packagemanager_private
        icd2::icd2-plugin
        Cellular
        TrackerReadAccess
        TrackerWriteAccess
        Location
        FacebookSocial
        csd-base::csd-plugin
        mce::CallStateControl
        mce::DeviceModeControl
        mce::LEDControl
        mce::TKLockControl
        mce::SensorControl
        dsme::DeviceStateControl
        usb-moded::usb-moded-dbus-bind
        usb-moded::USBControl
        aegisfs::AegisFSMountAdd
        aegisfs::aegisfs-verify
        timed::TimeControl
        timed::TimeBackup
        timed::TimedEventQueueWrite
        bme::BatteryControl
        phonet-at::acm-plugin
        applauncherd-launcher::access
        libaccounts-glib0::accounts-glib-access
        libaccounts-glib0::t
        libaccounts-glib0::tok
        smartsearch::RelevanceAllContentTypes
        signond::keychain-access
        signond::ssoProtectedWriteAccess
        signond::ssoProtectedReadAccess
        account-plugin-ovi::noaaccess
        account-plugin-ovi::sso-encryption-token
        caldav-plugin::access
        account-plugin-caldav::sso-encryption-token
        account-plugin-caldav::caldav-access
        account-plugin-facebook::sso-encryption-token
        account-plugin-facebook::access-control
        account-plugin-flickr::flickr-access
        account-plugin-google::sso-encryption-token
        account-plugin-google::access-control
        account-plugin-sip::sso-encryption-token
        account-plugin-sip::access-control
        account-plugin-twitter::sso-encryption-token
        account-plugin-twitter::access-control
        account-plugin-youtube::sso-encryption-token
        account-plugin-youtube::access-control
        aegis-certman-common-ca::CertCACommonAdd
        aegis-certman-common-ca::CertCAGlobalCodeSignAdd
        aegis-certman-common-ca::CertCASSLAdd
        aegis-certman-common-ca::CertCAWifiAdd
        aegis-certman-common-ca::CertCASMIMEAdd
        aegis-certman-common-ca::CertCACodeSignAdd
        aegis-certman-common-ca::CertUserSSLUse
        aegis-certman-common-ca::CertUserWifiUse
        aegis-certman-common-ca::CertUserSMIMEUse
        aegis-certman-common-ca::CertCACodeSignUse
        devicelock::ProvisioningSettings_PasswordForceChange
        devicelock::ProvisioningSettings_MinimalDeviceWipeTypeRequired
        devicelock::ProvisioningSettings_RnD_additional_Debug
        devicelock::DeviceLock_SetPassword
        devicelock::DeviceLockServiceOwn
        devicelock::DeviceLockStorageAccess
        devicelock::State_Unlocked
        devicelock::State_Locked
        devicelock::State_WipeMMC
        devicelock::State_Inhibit
        devicelock::DeviceLockControl
        devicelock::SSO_Exchange
        backup-framework::backup
        libaegis-session::aegis-session-data
        clean-device::CUDOrRFS
        system-ui-screenlock-nokia::ScreenLockEventPublish
        call-ui::call-ui
        duicontrolpanel-certificatesapplet::encryptedDBusMessages
        facebookqml::facebook-token
        mfe-account-ui-plugins::mfe-access
        mfe-account-ui-plugins::sso-encryption-token
        mms-manager::MmsProtectedWriteAccess
        mms-manager::MmsProtectedReadAccess
        mms-manager::MmsWorkerAccess
        libodnp::odnp
        libslpgw::slpgw
        location-ui::location-ui
        messaging-ui::messaging-ui
        ope-service0::OpeWapUtilAccess
        positioningd::LocationControl
        odnp-fpcd::odnp-fpcd
        signon-default-key-extension::key-storage
        signon-ui::signond-access
        telepathy-sasl-signon::sso-encryption-token
        telepathy-spirit::telepathy-spirit
        grob::grob-access
        grob::sso-encryption-token
        groovem-account-ui-plugins::groovem-access
        groovem-account-ui-plugins::sso-encryption-token
        nfcd::ui-agent
        nfcd::tool
        omb0::omb-communication
        npe-maemo0::LocationFW
        opensh::opensh
        SRC::com.nokia.maemo/local
        AID::com.nokia.maemo/local.opensh.
        account-plugin-skype::skype-access
        account-plugin-skype::sso-encryption-token
RM680-02-6_PR_RM680:/home/developer# ./hello.sh
sh: ./hello.sh: Operation not permitted

As you can see, it works fine as a regular user, as regular root user and also under a develsh shell but not under an opensh shell.

The following was written to dmesg. I hope someone can make more sense of this than I can.

Code:

[68900.679321] credp: sh: credential 0::1 not present in source SRC::9990005
[68900.679382] credp: sh: credential 0::6 not present in source SRC::9990005
[68900.679412] credp: sh: credential 0::7 not present in source SRC::9990005
[68900.679443] credp: sh: credential 0::16 not present in source SRC::9990005
[68900.679504] credp: sh: credential 0::17 not present in source SRC::9990005
[68900.679534] credp: sh: credential 0::21 not present in source SRC::9990005
[68900.679565] credp: sh: credential 0::27 not present in source SRC::9990005
[68900.679595] credp: sh: credential 0::32 not present in source SRC::9990005
[68900.679626] credp: sh: credential 0::33 not present in source SRC::9990005
[68900.679656] credp: sh: credential 3::9990209 not present in source SRC::9990005
[68900.679687] credp: sh: credential 3::9990210 not present in source SRC::9990005
[68900.679718] credp: sh: credential 3::9990211 not present in source SRC::9990005
[68900.679748] credp: sh: credential 3::9990212 not present in source SRC::9990005
[68900.679809] credp: sh: credential 3::9990213 not present in source SRC::9990005
[68900.679840] credp: sh: credential 3::9990214 not present in source SRC::9990005
[68900.679870] credp: sh: credential 3::9990215 not present in source SRC::9990005
[68900.679901] credp: sh: credential 3::9990216 not present in source SRC::9990005
[68900.679931] credp: sh: credential 3::9990217 not present in source SRC::9990005
[68900.679962] credp: sh: credential 3::9990218 not present in source SRC::9990005
[68900.679992] credp: sh: credential 3::9990219 not present in source SRC::9990005
[68900.680023] credp: sh: credential 3::9990223 not present in source SRC::9990005
[68900.680084] credp: sh: credential 3::9990001 not present in source SRC::9990005
[68900.680114] credp: sh: credential 3::9990248 not present in source SRC::9990005
[68900.680145] credp: sh: credential 3::9990283 not present in source SRC::9990005
[68900.680175] credp: sh: credential 3::9990445 not present in source SRC::9990005
[68900.680206] Aegis: credp_kcheck failed 9990005 hello.sh
[68900.680236] Aegis: hello.sh verification failed (source origin check)
[68900.696838] init: bme main process (5707) killed by KILL signal
[68900.698242] init: bme main process ended, respawning

It does run fine under opensh if I disable Aegis with "aegisctl -s" as you might expect. I would be interested to know if anyone else is experiencing this behaviour either when using opensh via Inception or an open-mode kernel.
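
The dmesg lines above can be cross-checked against the develsh and opensh `accli -I` listings; this is an added example, not part of wicket's post or of the INCEPTION project. It assumes that credp credential type 0 carries Linux capability numbers (the post does not say so), the function names are hypothetical, and the sample input is an excerpt of the log lines and CAP entries shown in the post.

```python
import re

# Capability names in <linux/capability.h> numbering (list index = number).
CAP_NAMES = (
    "chown dac_override dac_read_search fowner fsetid kill setgid setuid "
    "setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw "
    "ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct "
    "sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod "
    "lease audit_write audit_control setfcap mac_override mac_admin"
).split()

CREDP_RE = re.compile(
    r"credp: \S+: credential (\d+)::(\d+) not present in source SRC::(\d+)")
FAIL_RE = re.compile(r"Aegis: (\S+) verification failed \(([^)]+)\)")


def parse_dmesg(text):
    """Group credp denials by credential type and collect Aegis failures."""
    denied, sources, failures = {}, set(), []
    for line in text.splitlines():
        m = CREDP_RE.search(line)
        if m:
            ctype, value, src = (int(g) for g in m.groups())
            denied.setdefault(ctype, []).append(value)
            sources.add(src)
            continue
        m = FAIL_RE.search(line)
        if m:
            failures.append((m.group(1), m.group(2)))
    return {"denied": denied, "sources": sources, "failures": failures}


def parse_accli(text):
    """Return the indented credential entries that follow 'Credentials:'."""
    creds, in_list = set(), False
    for line in text.splitlines():
        if line.strip() == "Credentials:":
            in_list = True
        elif in_list and line.strip():
            if not line[0].isspace():   # a shell prompt ends the listing
                break
            creds.add(line.strip())
    return creds


def caps_of(creds):
    """Keep only CAP:: entries and strip the prefix."""
    return {c[len("CAP::"):] for c in creds if c.startswith("CAP::")}


def decode_caps(values):
    # ASSUMPTION: type-0 credp values are Linux capability numbers.
    return {CAP_NAMES[v] if v < len(CAP_NAMES) else "cap_%d" % v for v in values}


def compare(dmesg_text, low_accli, high_accli):
    """Compare denied type-0 credentials with the CAPs only the second shell holds."""
    report = parse_dmesg(dmesg_text)
    denied_caps = decode_caps(report["denied"].get(0, []))
    extra_caps = caps_of(parse_accli(high_accli)) - caps_of(parse_accli(low_accli))
    return {"denied_caps": denied_caps, "extra_caps": extra_caps,
            "match": denied_caps == extra_caps, "report": report}


def accli_text(caps):
    """Build accli -I style text holding only the CAP lines (constructed)."""
    head = "Current mode: normal\nCredentials:\n        UID::root\n"
    return head + "".join("        CAP::%s\n" % c for c in caps)


# CAP entries as listed in the post: opensh shows every capability except
# setpcap; develsh shows the shorter list below.
OPENSH_ACCLI = accli_text([c for c in CAP_NAMES if c != "setpcap"])
DEVELSH_ACCLI = accli_text(
    "chown dac_read_search fowner fsetid kill linux_immutable net_bind_service "
    "net_broadcast net_admin net_raw ipc_lock ipc_owner sys_chroot sys_ptrace "
    "sys_pacct sys_boot sys_nice sys_resource sys_time sys_tty_config lease "
    "audit_write audit_control setfcap".split())

# Excerpt of the dmesg output from the post (most type-3 lines left out).
DMESG_SAMPLE = "\n".join(
    ["[68900.6793%02d] credp: sh: credential 0::%d not present in source "
     "SRC::9990005" % (i, n)
     for i, n in enumerate((1, 6, 7, 16, 17, 21, 27, 32, 33))]
    + ["[68900.679656] credp: sh: credential 3::9990209 not present in source SRC::9990005",
       "[68900.679687] credp: sh: credential 3::9990210 not present in source SRC::9990005",
       "[68900.680206] Aegis: credp_kcheck failed 9990005 hello.sh",
       "[68900.680236] Aegis: hello.sh verification failed (source origin check)"])

if __name__ == "__main__":
    result = compare(DMESG_SAMPLE, DEVELSH_ACCLI, OPENSH_ACCLI)
    print("denied type-0 credentials:", sorted(result["denied_caps"]))
    print("CAPs only in opensh:      ", sorted(result["extra_caps"]))
    print("sets match:", result["match"])
    print("failures:", result["report"]["failures"])
```

Under that assumption, the type-0 entries in the log name exactly the capabilities that the opensh listing has and the develsh listing lacks.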

wicket 2012-03-25 19:48

Re: Announcing INCEPTION: Deeper access to your N9
 
The second thing I discovered was that it is actually possible to run an incepted opensh shell as a regular user and gain full root privileges without needing to supply a root password!

Code:

~ $ /usr/sbin/aegisctl
+esdrtxk,-az
~ $ accli -I | grep -v IMEI
Current mode: normal
Credentials:
        UID::user
        GID::users
        GRP::adm
        GRP::dialout
        GRP::pulse-access
        GRP::users
~ $ opensh


BusyBox v1.20.0.git (MeeGo 3:1.20-0.1+0m7) built-in shell (ash)
Enter 'help' for a list of built-in commands.

/home/user # id -un
root
/home/user # id -unr
root
/home/user # accli -I | grep -v IMEI
Current mode: normal
Credentials:
        UID::root
        GID::root
        CAP::chown
        CAP::dac_override
        CAP::dac_read_search
        CAP::fowner
        CAP::fsetid
        CAP::kill
        CAP::setgid
        CAP::setuid
        CAP::linux_immutable
        CAP::net_bind_service
        CAP::net_broadcast
        CAP::net_admin
        CAP::net_raw
        CAP::ipc_lock
        CAP::ipc_owner
        CAP::sys_module
        CAP::sys_rawio
        CAP::sys_chroot
        CAP::sys_ptrace
        CAP::sys_pacct
        CAP::sys_admin
        CAP::sys_boot
        CAP::sys_nice
        CAP::sys_resource
        CAP::sys_time
        CAP::sys_tty_config
        CAP::mknod
        CAP::lease
        CAP::audit_write
        CAP::audit_control
        CAP::setfcap
        CAP::mac_override
        CAP::mac_admin
        GRP::root
        GRP::daemon
        GRP::bin
        GRP::sys
        GRP::adm
        GRP::tty
        GRP::disk
        GRP::lp
        GRP::mail
        GRP::news
        GRP::uucp
        GRP::man
        GRP::proxy
        GRP::kmem
        GRP::dialout
        GRP::fax
        GRP::voice
        GRP::cdrom
        GRP::floppy
        GRP::tape
        GRP::sudo
        GRP::audio
        GRP::dip
        GRP::www-data
        GRP::backup
        GRP::operator
        GRP::list
        GRP::irc
        GRP::src
        GRP::gnats
        GRP::shadow
        GRP::utmp
        GRP::video
        GRP::sasl
        GRP::plugdev
        GRP::staff
        GRP::games
        GRP::libuuid
        GRP::pulse
        GRP::pulse-access
        GRP::pulse-rt
        GRP::cal
        GRP::users
        GRP::input
        GRP::i2c
        GRP::adc
        GRP::upstart
        GRP::crypto
        GRP::metadata-users
        GRP::phonet
        GRP::csd
        GRP::messagebus
        GRP::acm
        GRP::gallerycoredata-users
        GRP::signon
        GRP::osa
        GRP::calendar
        GRP::libaccounts-noa
        GRP::lpm
        GRP::visualreminder
        GRP::location
        GRP::nfc
        GRP::slpgwd
        GRP::haldaemon
        GRP::powerdev
        GRP::developer
        GRP::ssh
        GRP::spool
        GRP::nogroup
        tcb
        libbb5-secbins::SEE_CCCWrite
        libbb5-secbins::SEE_DBIWrite
        libbb5-secbins::SEE_HWCWrite
        libbb5-secbins::SEE_NPCWrite
        libbb5-secbins::SEE_SecStorageMaintenance
        libbb5-secbins::SEE_SuperDongleWrite
        libbb5-secbins::SEE_SuperDongleOperation
        libbb5-secbins::SEE_SimLock3Write
        libbb5-secbins::SEE_SimLock3Operation
        libbb5-secbins::SEE_TerminalResponce
        libbb5-secbins::SEE_DeviceLockControl
        aegis-enabler::tcb-sign
        tracker::tracker-extract-access
        tracker::tracker-miner-fs-access
        libaccounts-noa::accesssvt
        package-manager::packagemanager_limited
        package-manager::packagemanager_private
        icd2::icd2-plugin
        Cellular
        TrackerReadAccess
        TrackerWriteAccess
        Location
        FacebookSocial
        csd-base::csd-plugin
        mce::CallStateControl
        mce::DeviceModeControl
        mce::LEDControl
        mce::TKLockControl
        mce::SensorControl
        dsme::DeviceStateControl
        usb-moded::usb-moded-dbus-bind
        usb-moded::USBControl
        aegisfs::AegisFSMountAdd
        aegisfs::aegisfs-verify
        timed::TimeControl
        timed::TimeBackup
        timed::TimedEventQueueWrite
        bme::BatteryControl
        phonet-at::acm-plugin
        applauncherd-launcher::access
        libaccounts-glib0::accounts-glib-access
        libaccounts-glib0::t
        libaccounts-glib0::tok
        smartsearch::RelevanceAllContentTypes
        signond::keychain-access
        signond::ssoProtectedWriteAccess
        signond::ssoProtectedReadAccess
        account-plugin-ovi::noaaccess
        account-plugin-ovi::sso-encryption-token
        caldav-plugin::access
        account-plugin-caldav::sso-encryption-token
        account-plugin-caldav::caldav-access
        account-plugin-facebook::sso-encryption-token
        account-plugin-facebook::access-control
        account-plugin-flickr::flickr-access
        account-plugin-google::sso-encryption-token
        account-plugin-google::access-control
        account-plugin-sip::sso-encryption-token
        account-plugin-sip::access-control
        account-plugin-twitter::sso-encryption-token
        account-plugin-twitter::access-control
        account-plugin-youtube::sso-encryption-token
        account-plugin-youtube::access-control
        aegis-certman-common-ca::CertCACommonAdd
        aegis-certman-common-ca::CertCAGlobalCodeSignAdd
        aegis-certman-common-ca::CertCASSLAdd
        aegis-certman-common-ca::CertCAWifiAdd
        aegis-certman-common-ca::CertCASMIMEAdd
        aegis-certman-common-ca::CertCACodeSignAdd
        aegis-certman-common-ca::CertUserSSLUse
        aegis-certman-common-ca::CertUserWifiUse
        aegis-certman-common-ca::CertUserSMIMEUse
        aegis-certman-common-ca::CertCACodeSignUse
        devicelock::ProvisioningSettings_PasswordForceChange
        devicelock::ProvisioningSettings_MinimalDeviceWipeTypeRequired
        devicelock::ProvisioningSettings_RnD_additional_Debug
        devicelock::DeviceLock_SetPassword
        devicelock::DeviceLockServiceOwn
        devicelock::DeviceLockStorageAccess
        devicelock::State_Unlocked
        devicelock::State_Locked
        devicelock::State_WipeMMC
        devicelock::State_Inhibit
        devicelock::DeviceLockControl
        devicelock::SSO_Exchange
        backup-framework::backup
        libaegis-session::aegis-session-data
        clean-device::CUDOrRFS
        system-ui-screenlock-nokia::ScreenLockEventPublish
        call-ui::call-ui
        duicontrolpanel-certificatesapplet::encryptedDBusMessages
        facebookqml::facebook-token
        mfe-account-ui-plugins::mfe-access
        mfe-account-ui-plugins::sso-encryption-token
        mms-manager::MmsProtectedWriteAccess
        mms-manager::MmsProtectedReadAccess
        mms-manager::MmsWorkerAccess
        libodnp::odnp
        libslpgw::slpgw
        location-ui::location-ui
        messaging-ui::messaging-ui
        ope-service0::OpeWapUtilAccess
        positioningd::LocationControl
        odnp-fpcd::odnp-fpcd
        signon-default-key-extension::key-storage
        signon-ui::signond-access
        telepathy-sasl-signon::sso-encryption-token
        telepathy-spirit::telepathy-spirit
        grob::grob-access
        grob::sso-encryption-token
        groovem-account-ui-plugins::groovem-access
        groovem-account-ui-plugins::sso-encryption-token
        nfcd::ui-agent
        nfcd::tool
        omb0::omb-communication
        npe-maemo0::LocationFW
        opensh::opensh
        SRC::com.nokia.maemo/local
        AID::com.nokia.maemo/local.opensh.
        account-plugin-skype::skype-access
        account-plugin-skype::sso-encryption-token

This is obviously a huge security hole. I'd also like to know if this problem occurs when running opensh under an open-mode kernel.

I suggest that anyone using an incepted opensh locks down both /bin/opensh and /bin/open-sh executables with 700 permissions until this is sorted.

rainisto 2012-03-25 20:18

Re: Announcing INCEPTION: Deeper access to your N9
 
Quote:

Originally Posted by wicket (Post 1184008)
The second thing I discovered was that it is actually possible to run an incepted opensh shell as a regular user and gain full root privileges without needing to supply a root password!

This is obviously a huge security hole. I'd also like to know if this problem occurs when running opensh under an open-mode kernel.

I suggest that anyone using an incepted opensh locks down both /bin/opensh and /bin/open-sh executables with 700 permissions until this is sorted.

Obviously inception as such is a huge security hole. It has been always known that if you want to bypass password query you install opensh, and if you want to have the password query, then you incept develsh. As only difference between develsh and opensh is the default current user vs. setuid(0).

rainisto 2012-03-25 20:30

Re: Announcing INCEPTION: Deeper access to your N9
 
Quote:

Originally Posted by wicket (Post 1184007)
I've noticed a couple of oddities when running an incepted opensh.

First of all, I am unable to run a simple shell script under opensh:

There is nothing odd in your paste, it behaves just like aegis should. If you find that odd, then most likely you shouldn't have installed inception or incepted opensh, or at least you should 1st study how aegis is supposed to work. http://harmattan-dev.nokia.com/docs/...ity_guide.html

itsnotabigtruck 2012-03-25 21:58

Re: Announcing INCEPTION: Deeper access to your N9
 
Quote:

Originally Posted by wicket (Post 1184008)
The second thing I discovered was that it is actually possible to run an incepted opensh shell as a regular user and gain full root privileges without needing to supply a root password!

<snip>

This is why installing opensh is optional - it makes things wide open, often more so than you want. I've been meaning to build a replacement that has a password prompt, à la sudo. (If someone else is interested in implementing one, that would be greatly appreciated; what INCEPTION needs is apps, apps, and more apps!)

Note that as long as Aegis is exploitable, an evil unprivileged app could still obtain full access even without opensh - it would just be more difficult. opensh is essentially poking a hole through a dam that's already leaky.

@rainisto develsh doesn't have a password prompt either, though - so if incepting it does grant it full privileges, doing so is exactly as much of an issue as installing opensh, I'd imagine.

wicket 2012-03-25 23:59

Re: Announcing INCEPTION: Deeper access to your N9
 
Well I knew that the purpose of opensh was to provide real root, what I didn't realise was that setuid(0), setgid(0) was used to achieve this. I'll admit I was naive to install it without knowing this but what surprised me was how nothing has been done to lock it down. To quote the author (http://maemo.cloud-7.de/HARM/N9/openmode_kernel_PR1.1/):

Quote:

Q: But isn't it a big security risk?
---------------------------------
A: Not at all, as user needs to boot into open mode kernel, something that no malware
could do. Of course once you switched "to the dark side" and got opensh installed
on your system, it is basically as safe or vulnerable to malware attacks as any other
linux system, maybe marginally better still thanks aegis.

No way is the default install of opensh as safe as any Linux system. Perhaps most people here find it acceptable to be able to gain root access without some form of password or key. Fremantle's rootsh was just as vulnerable.

itsnotabigtruck 2012-03-26 03:54

Re: Announcing INCEPTION: Deeper access to your N9
 
Quote:

Originally Posted by wicket (Post 1184067)
Well I knew that the purpose of opensh was to provide real root, what I didn't realise was that setuid(0), setgid(0) was used to achieve this. I'll admit I was naive to install it without knowing this but what surprised me was how nothing has been done to lock it down. To quote the author (http://maemo.cloud-7.de/HARM/N9/openmode_kernel_PR1.1/):



No way is the default install of opensh as safe as any Linux system. Perhaps most people here find it acceptable to be able to gain root access without some form of password or key. Fremantle's rootsh was just as vulnerable.

If opensh asserted all Aegis credentials, but didn't switch to the root user, one could still trivially become root using either the tcb or CAP::setuid credentials, both of which would be available. Merely having opensh run as the current user wouldn't do anything at all to improve security.

Under other circumstances I'd be a bit more fervent about locking down access to credentials/root, but with Harmattan as it is I'm afraid it's a bit of a lost cause. That said, the Aegis-aware sudo I proposed earlier is definitely something that's required.

Edit: Also, you can get rid of opensh without getting rid of INCEPTION - just do apt-get remove opensh from a root shell and you're set.

rainisto 2012-03-26 04:59

Re: Announcing INCEPTION: Deeper access to your N9
 
And of course the real security hole is that one can make application to ovi store, and which would check the existence of /usr/sbin/incept and if binary is found then incept malware into device, and if binary is not found then do nothing.

So 1st you should make /usr/sbin/incept to set and query some custom password to be able to run it (which would not be rootme ie force change of default passwd).

coderus 2012-03-26 15:19

Re: Announcing INCEPTION: Deeper access to your N9
 
tried to make sudo work with all credentials, no success. too little skill in linux. need help =)

zszabo 2012-03-26 18:59

Re: Announcing INCEPTION: Deeper access to your N9
 
Quote:

Originally Posted by coderus (Post 1184282)
tried to make sudo work with all credentials, no success. too little skill in linux. need help =)

After running

Code:

/usr/sbin/incept sudo_1.6.8p12-4osso28+0m6_armel.deb

Run

Code:

EDITOR=/usr/bin/vi /usr/sbin/visudo

to edit the sudoers file.

A guide on the sudoers file (content, syntax) can be found here: https://help.ubuntu.com/community/Sudoers

coderus 2012-03-26 19:19

Re: Announcing INCEPTION: Deeper access to your N9
 
man, i know. i'm trying to compile sudo to have all credentials. my last success is:
Code:

~ $ sudo su
Password:


BusyBox v1.20.0.git (MeeGo 3:1.20-0.1+0m7) built-in shell (ash)
Enter 'help' for a list of built-in commands.

~ # accli -I
Current mode: open
IMEI: 357923040175103
Credentials:
        UID::root
        GID::root
        CAP::chown
        CAP::dac_override
        CAP::dac_read_search
        CAP::fowner
        CAP::fsetid
        CAP::kill
        CAP::setgid
        CAP::setuid
        CAP::linux_immutable
        CAP::net_bind_service
        CAP::net_broadcast
        CAP::net_admin
        CAP::net_raw
        CAP::ipc_lock
        CAP::ipc_owner
        CAP::sys_module
        CAP::sys_rawio
        CAP::sys_chroot
        CAP::sys_ptrace
        CAP::sys_pacct
        CAP::sys_admin
        CAP::sys_boot
        CAP::sys_nice
        CAP::sys_resource
        CAP::sys_time
        CAP::sys_tty_config
        CAP::mknod
        CAP::lease
        CAP::audit_write
        CAP::audit_control
        CAP::setfcap
        CAP::mac_override
        CAP::mac_admin
        GRP::root
        GRP::adm
        GRP::dialout
        GRP::pulse-access


zszabo 2012-03-26 19:32

Re: Announcing INCEPTION: Deeper access to your N9
 
Since sudoers already contains a line that lets "user" run anything, how about:

Code:

/usr/bin/sudo /bin/opensh -c /bin/bash --rcfile <rc filename>

(provided you have bash)

That gives me all credentials.

coderus 2012-03-26 19:36

Re: Announcing INCEPTION: Deeper access to your N9
 
no, we're discussing using sudo instead of opensh, for having password prompt and better security.
and need to have all credentials inside sudo shell

zszabo 2012-03-26 19:51

Re: Announcing INCEPTION: Deeper access to your N9
 
Quote:

Originally Posted by coderus (Post 1184369)
no, we're discussing using sudo instead of opensh, for having password prompt and better security.

If you set timestamp_timeout=0 in sudoers, it will ask for a password every time that line is run. Just don't add NOPASSWD: to the sudoers definition.

itsnotabigtruck 2012-03-26 21:27

Re: Announcing INCEPTION: Deeper access to your N9
 
Quote:

Originally Posted by coderus (Post 1184360)
man, i know. i'm trying to compile sudo to have all credentials. my last success is:
Code:

~ $ sudo su
<snip>


I think that's the problem. Try doing sudo -i instead, then see what credentials you have.

BTW Consider editing your IMEI out of any accli printouts you post!

Quote:

Originally Posted by zszabo (Post 1184375)
If you set timestamp_timeout=0 in sudoers, it will ask for a password every time that line is run. Just don't add NOPASSWD: to the sudoers definition.

The problem he's having has nothing to do with the sudoers file - it has to do with obtaining the correct Aegis credentials after sudoing.

coderus 2012-03-27 11:49

Re: Announcing INCEPTION: Deeper access to your N9
 
sudo su, sudo -i, sudo -u have the same credentials. sudo accli -I returns minimal user credentials.
i'm not worried about my imei, i'm not paranoid :D

m4r0v3r 2012-04-06 11:57

Re: Announcing INCEPTION: Deeper access to your N9
 
i think i've installed inception correctly and then opensh, so i run opensh, and run accli -I and I get this

Quote:

UID::root
GID::video
CAP::chown
CAP::dac_read_search
CAP::fowner
CAP::fsetid
CAP::kill
CAP::linux_immutable
CAP::net_bind_service
CAP::net_broadcast
CAP::net_admin
CAP::net_raw
CAP::ipc_lock
CAP::ipc_owner
CAP::sys_chroot
CAP::sys_ptrace
CAP::sys_pacct
CAP::sys_boot
CAP::sys_nice
CAP::sys_resource
CAP::sys_time
CAP::sys_tty_config
CAP::lease
CAP::audit_write
CAP::audit_control
CAP::setfcap
GRP::root
GRP::dialout
GRP::video
GRP::pulse-access
GRP::users
GRP::metadata-users
GRP::calendar
tracker::tracker-extract-access
tracker::tracker-miner-fs-access
libaccounts-noa::accesssvt
package-manager::packagemanager_limited
package-manager::packagemanager_private
icd2::icd2-plugin
Cellular
TrackerReadAccess
TrackerWriteAccess
Location
FacebookSocial
AID::.opensh.
opensh::opensh
but the problem is i can't run this command

tar xjvf /home/user/MyDocs/sillyboot_2.tar.bz2 -C /

tar: can't remove old file sbin/preinit: Permission denied

with that error, will this definitely require open mode? since I thought opensh should have given me full control.

ah nvm seems there's no way but to flash open mode
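
Added example, not part of any post in this thread: a small Python helper for comparing two saved `accli -I` dumps (for instance one taken under sudo and one under opensh) to see which credentials differ. The two dumps are constructed excerpts in the format shown in the thread, and the function names are this example's own.

```python
from collections import defaultdict

# Constructed excerpts in the `accli -I` format shown in this thread
# (NAMESPACE::name per line, or a bare token); not real device dumps.
DUMP_A = """\
UID::root
CAP::sys_rawio
CAP::sys_chroot
CAP::sys_admin
CAP::mknod
CAP::mac_override
GRP::root
GRP::adm
GRP::pulse-access
"""
DUMP_B = """\
UID::root
CAP::sys_chroot
GRP::root
GRP::video
GRP::pulse-access
Cellular
AID::.opensh.
opensh::opensh
"""

def parse_credentials(text):
    """Return a set of (namespace, name); bare tokens get namespace ''."""
    creds = set()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        namespace, sep, name = line.partition("::")
        creds.add((namespace, name) if sep else ("", line))
    return creds

def diff_credentials(dump_a, dump_b):
    """Group credentials present in only one dump by namespace."""
    a, b = parse_credentials(dump_a), parse_credentials(dump_b)
    result = {"only_a": defaultdict(list), "only_b": defaultdict(list)}
    for key, creds in (("only_a", a - b), ("only_b", b - a)):
        for namespace, name in sorted(creds):
            result[key][namespace].append(name)
    return {k: dict(v) for k, v in result.items()}

if __name__ == "__main__":
    for side, groups in diff_credentials(DUMP_A, DUMP_B).items():
        for namespace, names in groups.items():
            print(side, namespace or "(bare)", ", ".join(names))
```
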

coderus 2012-04-06 13:22

Re: Announcing INCEPTION: Deeper access to your N9
 
this is the wrong thread to ask about nitdroid.
(you should flash to dualboot kernel)

semua 2012-04-10 15:38

Re: Announcing INCEPTION: Deeper access to your N9
 
I'm not able to "incept" my N9. I have tried several times with "pasiv" (devel-su -c /usr/sbin/pasiv) but it always ends with:

Code:

|| PASIV device activated
pasiv: fatal error occurred
~ $

:confused:... I don't know what to do... any suggestion would be very welcome!

Edit: It is running Harmattan PR1.2

itsnotabigtruck 2012-04-11 02:09

Re: Announcing INCEPTION: Deeper access to your N9
 
Quote:

Originally Posted by semua (Post 1190452)
I'm not able to "incept" my N9. I have tried several times with "pasiv" (devel-su -c /usr/sbin/pasiv) but it always ends with:

Code:

|| PASIV device activated
pasiv: fatal error occurred
~ $

:confused:... I don't know what to do... any suggestion would be very welcome!

Edit: It is running Harmattan PR1.2

This should reveal exactly where it's failing: devel-su -c 'develsh -v /usr/sbin/pasiv'

semua 2012-04-11 15:50

Re: Announcing INCEPTION: Deeper access to your N9
 
Quote:

Originally Posted by itsnotabigtruck (Post 1190590)
This should reveal exactly where it's failing: devel-su -c 'develsh -v /usr/sbin/pasiv'

Thanks for the help! (and, of course, for "Inception" :) )

Strangely enough, it works perfectly today (I restarted the phone, but I tried that before my previous post...).

rcolistete 2012-04-12 23:43

Re: Announcing INCEPTION: Deeper access to your N9
 
Quote:

Originally Posted by itsnotabigtruck (Post 1190590)
This should reveal exactly where it's failing: devel-su -c 'develsh -v /usr/sbin/pasiv'

Hi itsnotabigtruck,

Could you confirm : can Inception work with open mode kernels ?

Yeah, I know they are alternatives, so the user should decide between open mode kernel OR Inception.

But there are users using both: open mode kernels AND also Inception. This creates confusion when supporting them in some uses (Easy Debian, Overclocking, etc).

itsnotabigtruck 2012-04-13 00:08

Re: Announcing INCEPTION: Deeper access to your N9
 
Quote:

Originally Posted by rcolistete (Post 1191411)
Hi itsnotabigtruck,

Could you confirm : can Inception work with open mode kernels ?

Yeah, I know they are alternatives, so the user should decide between open mode kernel OR Inception.

But there are users using both: open mode kernels AND also Inception. This creates confusion when supporting them in some uses (Easy Debian, Overclocking, etc).

Yep, it works fine. Most of the people installing it in open mode are doing so because they don't know about AEGIS_FIXED_ORIGIN, but using INCEPTION doesn't really hurt anything, and it's probably a little bit more convenient.

Waynder 2012-04-15 09:15

Re: Announcing INCEPTION: Deeper access to your N9
 
i got me self a tiny problem...

Waynder 2012-04-16 14:28

Re: Announcing INCEPTION: Deeper access to your N9
 
i don't know how to "incept" aegisctl_1.2.armel.deb


instructions are...

"Download the package you would like to install; the wget utility (apt-get install wget) is very useful for this.
wget -O awesome-package_1.0_armel.deb http://awesome.tld/awesomeapp/install.deb
# This is an example - don't download"

so what do i punch in instead of example... URL location of the .deb i want to "incept"? what about this part ///awesome-package_1.0_armel.deb///


sorry... not so good with linux in code -.-

Creamy Goodness 2012-04-16 16:16

Re: Announcing INCEPTION: Deeper access to your N9
 
you don't *have* to use wget, it's just given as a way to get the package onto your device.
so just skip that part if you can download the file and save it somewhere using another method.

coderus 2012-04-16 18:15

Re: Announcing INCEPTION: Deeper access to your N9
 
@Waynder, LOL. You should read the full instructions to understand it. Or never use INCEPTION, forget it, it is not for you.

Arie 2012-04-16 19:00

Re: Announcing INCEPTION: Deeper access to your N9
 
Quote:

Originally Posted by coderus (Post 1192895)
@Waynder, LOL. You should read the full instructions to understand it. Or never use INCEPTION, forget it, it is not for you.

As much as I hate to agree with Coderus on this one, he is right.

nieldk 2012-04-16 19:44

Re: Announcing INCEPTION: Deeper access to your N9
 
Quote:

Originally Posted by Arie (Post 1192912)
As much as I hate to agree with Coderus on this one, he is right.

+1

(10 chars)

Waynder 2012-04-17 05:37

Re: Announcing INCEPTION: Deeper access to your N9
 
Quote:

Originally Posted by coderus (Post 1192895)
@Waynder, LOL. You should read the full instructions to understand it. Or never use INCEPTION, forget it, it is not for you.

well... thanx for apple attitude =P

i was able to follow instructions for n900 kernel changing, overclocking, nitDROID installing (in code step by step, before one click installation) etc... i just have a glitch in this one....


thanx for helping out, though -.-


______

FYI i managed it after all... so i'm not a complete idiot =P

forum was much more friendly 1 year ago...

Sorrow 2012-04-17 07:28

Re: Announcing INCEPTION: Deeper access to your N9 [0.1.1]
 
I've got new devtools and dev-mode updates today. Did anybody check if they break inception?

itsnotabigtruck 2012-04-17 12:09

Re: Announcing INCEPTION: Deeper access to your N9 [0.1.1]
 
Quote:

Originally Posted by Sorrow (Post 1193140)
I've got new devtools and dev-mode updates today. Did anybody check if they break inception?

They did, but I already released the 0.1.1 update to counter it. Install the new version and you'll be fine. :)

