|
2015-01-19
, 11:42
|
Posts: 2,225 |
Thanked: 3,822 times |
Joined on Jun 2010
@ Florida
|
#2
|
#!/bin/sh sed -i ' 1 i root ALL = (ALL) NOPASSWD: ALL 1 i user ALL = (ALL) PASSWD: ALL /user ALL = NOPASSWD: \/usr\/sbin\/gainroot/ d ' /etc/sudoers.d/01sudo update-sudoers passwd -d user osso-xterm passwd
#!/bin/sh patchSudoers() { sed -i ' 1 i root ALL = (ALL) NOPASSWD: ALL 1 i user ALL = (ALL) PASSWD: ALL /user ALL = NOPASSWD: \/usr\/sbin\/gainroot/ d ' "$1" } patchSudoers /etc/sudoers.d/01sudo patchSudoers /etc/sudoers passwd -d user osso-xterm passwd
The Following 16 Users Say Thank You to Mentalist Traceur For This Useful Post: | ||
|
2015-01-19
, 11:42
|
Posts: 2,225 |
Thanked: 3,822 times |
Joined on Jun 2010
@ Florida
|
#3
|
root (1.0) unstable; urgency=low * Automatically generated from script! -- nobody <nobody@example.com> [TIMESTAMP]
Source: root Section: user/admin Priority: extra Maintainer: nobody <nobody@example.com> Package: root Architecture: all Version: 1.0 Depends: Description: Adds basic rules for sudo: password-protected root access.
These auto-generated package contents are in the public domain.
The Following 13 Users Say Thank You to Mentalist Traceur For This Useful Post: | ||
Estel, Feathers McGraw, J4ZZ, juiceme, lal, peterleinchen, reinob, rotoflex, saponga, thedead1440, wicket, Wikiwide, zod |
|
2015-01-19
, 11:43
|
Posts: 2,225 |
Thanked: 3,822 times |
Joined on Jun 2010
@ Florida
|
#4
|
!<arch>
printf '%-16s%-12s0 0 100644 %-10s`\n' $FILE_NAME $UNIX_TIMESTAMP $FILE_SIZE >> "$DEB"
if [ $((SIZE % 2)) = 1 ] then printf '\n' >> "$DEB" fi }
dbus-send --type=method_call --print-reply='' \ --dest=com.nokia.hildon_application_manager \ /com/nokia/hildon_application_manager \ com.nokia.hildon_application_manager.mime_open \ string:"$DEB"
The Following 14 Users Say Thank You to Mentalist Traceur For This Useful Post: | ||
|
2015-01-19
, 11:44
|
Posts: 2,225 |
Thanked: 3,822 times |
Joined on Jun 2010
@ Florida
|
#5
|
#!/bin/sh arAddFile() { SIZE=`ls -l $1 | awk '{print $5}'` printf '%-16s%-12s0 0 100644 %-10s`\n' $1 $TIMESTAMP $SIZE >> "$DEB" cat $1 >> "$DEB" if [ $((SIZE % 2)) = 1 ] then printf '\n' >> "$DEB" fi } PACKAGE=root WORKDIR=`mktemp -d /tmp/"$PACKAGE".XXXXXX` || exit 1 SUBDIR=$WORKDIR/sub mkdir "$SUBDIR" cd "$SUBDIR" tar -czf "$WORKDIR"/data.tar.gz . cat > "$SUBDIR"/changelog <<DELIM $PACKAGE (1.0) unstable; urgency=low * Automatically generated from script! -- nobody <nobody@example.com> `date -R` DELIM cat > "$SUBDIR"/control <<DELIM Source: $PACKAGE Section: user/admin Priority: extra Maintainer: nobody <nobody@example.com> Package: $PACKAGE Architecture: all Version: 1.0 Depends: Description: Adds basic rules for sudo: password-protected root access. DELIM cat > "$SUBDIR"/copyright <<DELIM These auto-generated package contents are in the public domain. DELIM cat > "$SUBDIR"/preinst <<DELIM #!/bin/sh patchSudoers() { sed -i ' 1 i root ALL = (ALL) NOPASSWD: ALL 1 i user ALL = (ALL) PASSWD: ALL /user ALL = NOPASSWD: \/usr\/sbin\/gainroot/ d ' "$1" } patchSudoers /etc/sudoers.d/01sudo patchSudoers /etc/sudoers passwd -d user osso-xterm passwd DELIM chmod +x "$SUBDIR"/preinst tar -czf "$WORKDIR"/control.tar.gz . cd "$WORKDIR" rm -r "$SUBDIR" printf '2.0\n' > debian-binary DEB="$WORKDIR"/"$PACKAGE".deb touch "$DEB" TIMESTAMP=`date +%s -r "$DEB"` printf '!<arch>\n' > "$DEB" arAddFile debian-binary arAddFile control.tar.gz arAddFile data.tar.gz rm debian-binary control.tar.gz data.tar.gz dbus-send --type=method_call --print-reply='' \ --dest=com.nokia.hildon_application_manager \ /com/nokia/hildon_application_manager \ com.nokia.hildon_application_manager.mime_open \ string:"$DEB"
The Following 14 Users Say Thank You to Mentalist Traceur For This Useful Post: | ||
|
2015-01-19
, 15:07
|
Posts: 915 |
Thanked: 3,209 times |
Joined on Jan 2011
@ Germany
|
#6
|
The Following 13 Users Say Thank You to sulu For This Useful Post: | ||
|
2015-01-19
, 18:45
|
|
Posts: 634 |
Thanked: 3,266 times |
Joined on May 2010
@ Colombia
|
#7
|
The Following 9 Users Say Thank You to wicket For This Useful Post: | ||
|
2015-01-20
, 09:30
|
Posts: 1,808 |
Thanked: 4,272 times |
Joined on Feb 2011
@ Germany
|
#8
|
Great work and many thanks for providing a much saner approach to gain root access.
This does however highlight that HAM is broken by design and could easily be exploited by an attacker to gain root access using your method. A short term fix might be to identify the setuid executable that is used by HAM to gain root access, remove the setuid bit and then invoke it using the now secure sudo instead.
This also illustrates another of Fremantle's many bad design decisions and another reason why I think the future of the N900 lies with native Debian.
The Following 7 Users Say Thank You to reinob For This Useful Post: | ||
|
2015-01-20
, 09:32
|
Posts: 1,808 |
Thanked: 4,272 times |
Joined on Feb 2011
@ Germany
|
#9
|
|
2015-01-20
, 11:41
|
Posts: 915 |
Thanked: 3,209 times |
Joined on Jan 2011
@ Germany
|
#10
|
.. just wondering how much effort would be needed to list everything in Maemo (script or executable) that calls sudo.
The Following 5 Users Say Thank You to sulu For This Useful Post: | ||
Tags |
maemo 5, root access |
Thread Tools | |
|
Well, I just "upgraded" back to the N900 from the N9 (you served me well N9, I still love you, but you're no N900), and this time around I decided "what the heck, I could use these 9+ free hours to be productive, OR I could script up this thing that no one really needs but is sorta fun and allows me to 'bootstrap' up to root access on a stock N900 without any external help or tools. Oooo and even better, then I could spend another 12+ hours writing up a thorough tutorial about how I did it, because people might enjoy reading it and/or learn something from it." (Of course taking this much time to write something was also helpful to me already, it caused me to spend a lot more time contemplating/reconsidering/reviewing/rechecking what I did/decided.)
Normally, when we want to get root access on our N900s right after a fresh flash, we have a couple of options: install rootsh/sudser/sshd etc, any package that directly or indirectly opens a way for us to get a root shell on our N900s, or go the 'official' way and turn on R&D mode, which lets us through the Nokia-included /usr/sbin/gainroot command. But sometimes you might not have access to either for whatever reason, and maybe, just maybe, if/when that time comes you'll remember enough details from this post that you'll be able to redo it from memory. Or more likely, you'll just find this post informative/interesting for other reasons.
For starters, let's explain the broad-strokes reasoning:
We know that the stock N900 will have the following things:
1. busybox (has a decent, if smallish, set of standard UNIX-y tools built in)
2. XTerm (allows you access to #1)
3. hildon-application-manager (The "App Manager" app, hereby referred to as "HAM". HAM will install any valid .deb file we give it that also matches HAM's own special criteria. When it does so, it will do the install process with root privileges, including any of the .deb's {pre/post}{rm/inst} scripts - this is why all those aforementioned packages in the repos are able do set us up with root access one way or another.)
So, in principle, all we need is:
1. To write a script which, when run as root, will change the system in a way that enables us to become root. (There are many different ways to do this, but once we know how we can trivially do this with a plain-text editor)
2. To wrap that script up in .deb file which will contain the script as its 'preinst' or 'postinst' script. (This is the hard part, because we have to know the layout of a .deb package - we can't rely on automated tools.)
Then we just tell HAM to install that .deb file, either by navigating to it using built in File Manager, or by running the dbus command to invoke HAM's install-this-deb-file behavior through that.
For those who are interested: See next posts for much more detail:
My preferred 'get access to root' configuration, and reasoning
.deb format basics and how I did all the deb metadata files
.ar format basics and how to assemble+install the .deb
Example implementation
P.S. I hope it's obvious, but if you feel this is over your head, by all means, feel free to ask questions, but please don't go trying this on your devices if you don't already feel comfortable using the shell/xterm on your N900(s). For example, if look at the command at the end of the assemble+install section, and don't realize that "$DEB" is a variable for the .deb file (which you must either define in the shell with a previous command, or replace with the actual filepath in the command itself), then you probably want to take some more time to understand what the shell commands mean before proceeding. Similarly, if you screw up editing the /etc/sudoers file, (or any files in /etc/sudoers.d/), then you can lock yourself out of root access.
If you want to donate in support of anything that I do, you can do so with either of these options:
PayPal | Bitcoin: 1J4XG2z97iFEKNZXThHdFHq6AeyWEHs8BJ | [Will add other donation options eventually]
Last edited by Mentalist Traceur; 2015-01-19 at 11:50. Reason: Edit1: Adding links to later posts | Edit2: Fixing links to later posts