maemo.org - Talk - View Single Post

putkowski	2006-01-18 , 01:03
Posts: 155 \| Thanked: 10 times \| Joined on Nov 2005 @ central georgia, usa	#9

Originally Posted by Nyrath

Yet.

The day will come when the 770 or the next version will become vulnerable to some kind of port-scan attack, and you don't want your tablet running as root when it happens.

The best way to ensure that is to form good habits now.

Good habits. YES.

Running as ROOT.. 770 specific answer? When I do xterm/ whoami, I get user (when r&d mode is enabled)

When I signon as root from SSH on another machine, I am root.

When I sudo gainroot, whoami indicates root.

Here's what happens then:

"#!/bin/sh -e
trap exit SIGHUP SIGINT SIGTERM
PATH=/bin:/usr/bin:/sbin:/usr/sbin
MODE=`/usr/sbin/chroot /mnt/initfs cal-tool --get-rd-mode`
if [ x$MODE = xenabled ]
then
echo "Root shell enabled"
/bin/sh
else
echo "Enable RD mode if you want to break your device"
fi"

This looks like a check to the "flash" part of the 770 to see if we're in R & D mode.

Then "if r & D mode," we run sh

How is a port-scan attack more effective when the tablet is "running" as root?

sudo has been two things: 1. a way to limit who does what 2. a way to log who does what

I haven't seen any logs retained on my 770.

Last edited by putkowski; 2006-01-18 at 01:15.

Quote & Reply |