rainisto
|
2012-03-25
, 20:18
|
Posts: 1,067 |
Thanked: 2,383 times |
Joined on Jan 2012
@ Finland
|
#131
|
|
2012-03-25
, 20:30
|
Posts: 1,067 |
Thanked: 2,383 times |
Joined on Jan 2012
@ Finland
|
#132
|
I've noticed a couple of oddities when running an incepted opensh.
First of all, I am unable to run a simple shell script under opensh:
|
2012-03-25
, 21:58
|
Posts: 245 |
Thanked: 915 times |
Joined on Feb 2012
|
#133
|
The second thing I discovered was that it is actually possible to run an incepted opensh shell as a regular user and gain full root privileges without needing to supply a root password!
<snip>
|
2012-03-25
, 23:59
|
|
Posts: 634 |
Thanked: 3,266 times |
Joined on May 2010
@ Colombia
|
#134
|
Q: But isn't it a big security risk?
---------------------------------
A: Not at all, as user needs to boot into open mode kernel, something that no malware
could do. Of course once you switched "to the dark side" and got opensh installed
on your system, it is basically as safe or vulnerable to malware attacks as any other
linux system, maybe marginally better still thanks aegis.
|
2012-03-26
, 03:54
|
Posts: 245 |
Thanked: 915 times |
Joined on Feb 2012
|
#135
|
Well I knew that the purpose of opensh was to provide real root, what I didn't realise was that setuid(0), setgid(0) was used to achieve this. I'll admit I was naive to install it without knowing this but what surprised me was how nothing has been done to lock it down. To quote the author (http://maemo.cloud-7.de/HARM/N9/openmode_kernel_PR1.1/):
No way is the default install of opensh as safe as any Linux system. Perhaps most people here find it acceptable to be able to gain root access without some form of password or key. Fremantle's rootsh was just as vulnerable.
|
2012-03-26
, 04:59
|
Posts: 1,067 |
Thanked: 2,383 times |
Joined on Jan 2012
@ Finland
|
#136
|
|
2012-03-26
, 18:59
|
Posts: 64 |
Thanked: 42 times |
Joined on Jun 2009
|
#138
|
tried to make sudo work with all credentials, no succes. too little skill in linux. need help =)
/usr/sbin/incept sudo_1.6.8p12-4osso28+0m6_armel.deb
EDITOR=/usr/bin/vi /usr/sbin/visudo
The Following User Says Thank You to zszabo For This Useful Post: | ||
|
2012-03-26
, 19:19
|
|
Posts: 6,436 |
Thanked: 12,701 times |
Joined on Nov 2011
@ Ängelholm, Sweden
|
#139
|
~ $ sudo su Password: BusyBox v1.20.0.git (MeeGo 3:1.20-0.1+0m7) built-in shell (ash) Enter 'help' for a list of built-in commands. ~ # accli -I Current mode: open IMEI: 357923040175103 Credentials: UID::root GID::root CAP::chown CAP::dac_override CAP::dac_read_search CAP::fowner CAP::fsetid CAP::kill CAP::setgid CAP::setuid CAP::linux_immutable CAP::net_bind_service CAP::net_broadcast CAP::net_admin CAP::net_raw CAP::ipc_lock CAP::ipc_owner CAP::sys_module CAP::sys_rawio CAP::sys_chroot CAP::sys_ptrace CAP::sys_pacct CAP::sys_admin CAP::sys_boot CAP::sys_nice CAP::sys_resource CAP::sys_time CAP::sys_tty_config CAP::mknod CAP::lease CAP::audit_write CAP::audit_control CAP::setfcap CAP::mac_override CAP::mac_admin GRP::root GRP::adm GRP::dialout GRP::pulse-access
The Following User Says Thank You to coderus For This Useful Post: | ||
|
2012-03-26
, 19:32
|
Posts: 64 |
Thanked: 42 times |
Joined on Jun 2009
|
#140
|
/usr/bin/sudo /bin/opensh -c /bin/bash --rcfile <rc filename>
Tags |
harmattan, inception, root-access |
|