Posts: 35 | Thanked: 26 times | Joined on Oct 2018
#1
The Aegis Security system checks each executable's MD5 when it is executed. But the reference MD5 (calculated when the executable was first installed) is stored in an unsafe file.
/var/lib/aegis/refhashlist (or some path like this)
The file has rw-rw-rw- permissions, which means any user could read and write it.
So, malware executed by a user (with the lowest permission) could just rewrite it as an empty file to break Aegis and crash the MeeGo OS.
For example:
-----------
Don't try this on your phone!!!!
----------
I tried this on a newly flashed N9 device with a 3rd party terminal without developer mode.

I simply ran:
echo ''>>The path to the refhashlist file.

And

echo ''>>There is also a refhashlist.bak file.

If you do so, any executable with root permission won't run again. The device won't shut down unless you force it by long-pressing the power button.

The device reports an OS error and requests fixing when you try to boot it after the forced shutdown.

I'm afraid that this would be a critical safety problem for MeeGo.

By the way, is there a security problem with the OpenSSH Server installed by Developer Mode?

Last edited by Sunset_Shimmer; 2020-08-14 at 09:14.
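
A defender-side check for the condition described in post #1, as an added example that is not part of the thread and not Aegis code: it flags a hash reference file that unprivileged users could alter through mode bits, ownership, or a writable parent directory. It inspects ordinary Unix permissions only, so it says nothing about any protection Aegis itself applies to the file (the point raised in posts #3 and #8); the function names and the `trusted_uid` parameter are assumptions.

```python
import os
import stat

def audit_reference_store(path, trusted_uid=0):
    """List ways an unprivileged user could alter a hash reference file
    through ordinary Unix permissions (mode bits and ownership only)."""
    findings = []
    st = os.stat(path)  # follows symlinks: audit the file actually read
    mode = stat.S_IMODE(st.st_mode)
    if mode & stat.S_IWOTH:
        findings.append(f"{path}: world-writable ({stat.filemode(st.st_mode)})")
    elif mode & stat.S_IWGRP:
        findings.append(f"{path}: group-writable (gid {st.st_gid})")
    if st.st_uid != trusted_uid:
        findings.append(f"{path}: owner uid {st.st_uid}, expected {trusted_uid}")
    # A world-writable parent directory without the sticky bit lets any user
    # rename or replace the file even when the file's own mode is strict.
    parent = os.path.dirname(os.path.abspath(path))
    pmode = os.stat(parent).st_mode
    if pmode & stat.S_IWOTH and not pmode & stat.S_ISVTX:
        findings.append(f"{parent}: world-writable directory, no sticky bit")
    return findings

def audit_all(paths, trusted_uid=0):
    """Audit several stores; a missing file is reported, not raised."""
    report = {}
    for path in paths:
        try:
            report[path] = audit_reference_store(path, trusted_uid)
        except FileNotFoundError:
            report[path] = [f"{path}: missing"]
    return report

if __name__ == "__main__":
    # Path as given (approximately) in post #1, plus the .bak copy it mentions.
    base = "/var/lib/aegis/refhashlist"
    for path, findings in audit_all([base, base + ".bak"]).items():
        for line in findings or [f"{path}: ok"]:
            print(line)
```

An empty list for a path means the mode bits and ownership alone do not let other users rewrite it.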
Posts: 35 | Thanked: 26 times | Joined on Oct 2018
#2
Please replace > with >
Community Council | Posts: 4,920 | Thanked: 12,867 times | Joined on May 2012 @ Southern Finland
#3
That's a bit strange since I vaguely recall that refhashlist is protected by aegis. (could be wrong since it is years since I played with N9 but still...)
__________________
Dave999: Meateo balloons. What’s so special with em? Is it a ballon?
coderus
Posts: 6,436 | Thanked: 12,701 times | Joined on Nov 2011 @ Ängelholm, Sweden
#4
newly flashed but still in openmode?
Posts: 35 | Thanked: 26 times | Joined on Oct 2018
#5
Originally Posted by coderus:
newly flashed but still in openmode?
Accli -I returns normal
EMMC cleaned by flasher --erase-user-data
The bin file was original.
Posts: 35 | Thanked: 26 times | Joined on Oct 2018
#6
Originally Posted by coderus:
newly flashed but still in openmode?
Pretty sure that it's not openmode.

Will this situation happen????
I've never met this.
Posts: 35 | Thanked: 26 times | Joined on Oct 2018
#7
Do not try to remove the file. (Permission Denied)
Just rewrite it.
peterleinchen
Posts: 4,118 | Thanked: 8,901 times | Joined on Aug 2010 @ Ruhrgebiet, Germany
#8
I could also not remember and my device is in OpenMode so no reference.

Please follow all the 'this' links from this post on
http://talk.maemo.org/showthread.php?t=96282
via
http://talk.maemo.org/showthread.php...95#post1498795
and you will end here
http://talk.maemo.org/showthread.php...9&postcount=70
which tells me refhashlist was writable but only with caution!
__________________
SIM-Switcher, automated SIM switching with a Double (Dual) SIM adapter
--
Thank you all for voting me into the Community Council 2014-2016!

Please consider your membership / supporting Maemo e.V. and help to spread this by following/copying this link to your TMO signature:
[MC eV] Maemo Community eV membership application, http://talk.maemo.org/showthread.php?t=94257