[Fun/Learning] Root access on freshly flashed N900 using on-device tools only (https://talk.maemo.org/showthread.php?t=94494)

reinob 2015-01-21 08:43

Re: [Fun/Learning] Root access on freshly flashed N900 using on-device tools only
 
Quote:

Originally Posted by sulu (Post 1457367)
Just download all the source packages and grep them for 'sudo'.
stupid but effective ;)

Yup. Alternatively, "one" could implement a drop-in replacement for sudo which offers a graphical front-end if X is running. I would even go as far as configuring it with a different /etc/sudoers (like /etc/sudoers.mine) to prevent packages randomly adding themselves without asking.

I know, this is Maemo, which is like the wild west :)..
.. but you know, this is Maemo, the user must have absolute control over the system.

sixwheeledbeast 2015-01-21 13:39

If anything I would say things that could be easily fixed are repairing packages that depend on rootsh or sudser, as a priority.
Long term I would like to see a more secure root in Maemo, thanks for your work MT.
FWIW I have modified my system to prompt for a root password in a terminal.

Mentalist Traceur 2015-01-23 06:26

Quote:

Originally Posted by sulu (Post 1457261)
Nice tutorial!

Just one suggestion:
If you have a pre/postinst script that changes files that do not belong to your package, please also include a pre/postrm script that (optionally) restores their original condition!

I know this can be tricky at times, e.g. when two packages alter the same file but aren't installed/removed in a LIFO manner. But one should at least try by making a simple backup of the files one found during the installation or (maybe) better reversing the sed command.

Not taking care of what happens after your packages are removed usually results in a mess and in my opinion this is one of Maemo's main problems.

Code:

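#!/bin/sh
# Edit the file in place (-i); without it sed only prints the result to stdout.
sed -i '
# remove the two exact-match lines the earlier script added
/^root ALL = (ALL) NOPASSWD: ALL$/ d
/^user ALL = (ALL) PASSWD: ALL$/ d
# put the gainroot rule back before line 6
6 i user = NOPASSWD: /usr/sbin/gainroot
' /etc/sudoers.d/01sudo
# rebuild the sudoers file from the fragments
update-sudoers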

That should do it. Run as root manually or include in your package as the prerm/postrm script. I think that's better/cleaner than leaving a backup file lying around, which may be out of date by the time you remove the package. This should just remove the two exact-match lines the original file had added with my example script, and add the original gainroot-allowing line back in, at the same spot where it originally was (unless new lines were added since then to the start of the file).

As for why I didn't originally include this: In general, I completely agree with you. For this particular example, however, my goal was to get myself root - I don't intend on ever taking this root-ness away from myself, and the .deb package is, in this case, just a means to an end - in my mind it's a one-off-manual-tweak-in-the-form-of-a-package, not a true package. And tbh in my mind this is like applying a bugfix to a system package.

Mentalist Traceur 2015-01-23 06:34

Quote:

Originally Posted by reinob (Post 1457356)
HAM uses /etc/sudoers.d/hildon-application-manager.sudoers, which allows passwordless sudo for apt-worker (as well as for hildon-application-manager-util to handle repositories).

So no setuid here. If you force a password then I suppose HAM will just stop working because sudo will ask for a password without having a terminal for I/O. I suppose we could install some sort of graphical sudo ("gksudo" or whatever) and patch HAM to use it instead of "sudo apt-worker"..

Quote:

Originally Posted by reinob (Post 1457460)
Yup. Alternatively, "one" could implement a drop-in replacement for sudo which offers a graphical front-end if X is running. I would even go as far as configuring it with a different /etc/sudoers (like /etc/sudoers.mine) to prevent packages randomly adding themselves without asking.

I know, this is Maemo, which is like the wild west :)..
.. but you know, this is Maemo, the user must have absolute control over the system.

Instead of patching HAM to call another program, or replacing sudo, I think it's better if we just install a more proper sudo that has askpass support, then have something in the desktop initialization set the SUDO_ASKPASS environment variable. Admittedly, I think the invokers may need to invoke sudo with the '-A' flag: I'm not sure if sudo has pty detection built-in to know when to assume it needs to run an askpass program, which would allow it to do so without being called with the -A flag. But if the '-A' flag is required, then patching of HAM, etc, would be required too.

Incidentally, the latest GCC 4.6 and dependencies in the maemo repos + CSSU-Testing (which recently updated libc6 a little) lets us build a perfectly working sudo from the latest stable branch with askpass support, and we have at least one working askpass implementation ssh-askpass in the repos (though a properly hildon-ized askpass UI would be much nicer). (I also have a shell-script based askpass that pops open a terminal to get the password, but that one uses a named pipe to move the password between the launching script and the one running in the launched terminal, and I'm not confident it's secure enough (or ever could be, given the limitations of that approach).)
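
An added example, not part of any post in this thread and not code from the Maemo project: a POSIX sh audit that lists the passwordless grants carried by /etc/sudoers.d fragments like the ones discussed above, separating "NOPASSWD: ALL" from grants limited to named commands. The sample fragment contents, the /path/to/... command paths and some-package.sudoers are constructed for illustration.

```shell
#!/bin/sh
# Added example: report NOPASSWD grants in sudoers fragments.
# Output per rule: SEVERITY<TAB>fragment<TAB>rule
#   BROAD  = passwordless for ALL commands, SCOPED = named commands only
# Simplifications: every '#' starts a comment; no backslash continuations.

audit_nopasswd() {
    dir=${1:-/etc/sudoers.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        sed -e 's/#.*$//' "$f" | grep 'NOPASSWD:' |
        while IFS= read -r rule; do
            # Look only at the command list that follows the tag.
            cmds=$(printf '%s' "${rule#*NOPASSWD:}" | tr ',\t' '  ')
            case " $cmds " in
                *" ALL "*) sev=BROAD ;;
                *)         sev=SCOPED ;;
            esac
            printf '%s\t%s\t%s\n' "$sev" "${f##*/}" "$rule"
        done
    done
}

# Constructed sample fragments: file names follow the thread, the
# command paths and "some-package" are placeholders.
make_samples() {
    d=$(mktemp -d) || return 1
    cat > "$d/01sudo" <<'EOF'
# constructed sample
root ALL = (ALL) NOPASSWD: ALL
user ALL = (ALL) PASSWD: ALL
EOF
    cat > "$d/hildon-application-manager.sudoers" <<'EOF'
user ALL = NOPASSWD: /path/to/apt-worker
user ALL = NOPASSWD: /path/to/hildon-application-manager-util
EOF
    cat > "$d/some-package.sudoers" <<'EOF'
user ALL = NOPASSWD: ALL   # hypothetical package granting itself everything
EOF
    printf '%s\n' "$d"
}

# Run with the argument "demo" to audit the constructed samples.
if [ "${1:-}" = demo ]; then
    d=$(make_samples) && audit_nopasswd "$d"
    rm -rf "$d"
fi
```

Called with no argument, `audit_nopasswd` reads /etc/sudoers.d; the BROAD lines are the ones to review first when deciding which fragments a password prompt or askpass helper has to cover.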

Mentalist Traceur 2015-01-23 06:47

Quote:

Originally Posted by sulu (Post 1457367)
Just download all the source packages and grep them for 'sudo'.
stupid but effective ;)

Or, if you don't mind burning time and battery juice on one of your N900s, you can run something like this on the N900 itself:
Code:

# find / -xdev -exec fgrep -H sudo {} +
# find /home -xdev -exec fgrep -H sudo {} +

(if you've got find symlinked to GNU's find instead of busybox's, depending on the version, the '+' may not be recognized, in which case you may have to settle for the much slower '\;' - not sure when GNU's find gained support for that '+' syntax...)

Mentalist Traceur 2015-01-23 07:45

Oh, by the way, I noticed an issue with my script in post #2, which I have now edited with a better script (the issue is explained in the edit in that page, I just wanted to mention it here because I know new posts get noticed much easier than old edited ones).

sulu 2015-01-23 11:47

Quote:

Originally Posted by Mentalist Traceur (Post 1457707)
Or, if you don't mind burning time and battery juice on one of your N900s, you can run something like this on the N900 itself:
Code:

# find / -xdev -exec fgrep -H sudo {} +
# find /home -xdev -exec fgrep -H sudo {} +


That only works for packages installed on YOUR N900 and its usefulness is kind of limited if run on compiled binary programs instead of scripts.
I was more generally speaking, like searching the whole extras repo.

And I surely wouldn't do this on a six-year-old single-core ARM connected to a slow eMMC or even slower µSD card guarded by a misbehaving watchdog. ;)

Mentalist Traceur 2015-01-23 15:55

Quote:

Originally Posted by sulu (Post 1457762)
That only works for packages installed on YOUR N900 and its usefulness is kind of limited if run on compiled binary programs instead of scripts.
I was more generally speaking, like searching the whole extras repo.

Of course, they're different directions of investigation, with somewhat different end results. But scripting an automated search of every extras package's source would not be a one-liner anyone can immediately run on their own (though admittedly also simple enough), and running it would cost hefty usage of bandwidth for both the person running it and the Maemo infra. I figured my suggestion could be used by users interested in starting the search of their own packages (since that concerns them more). Obviously for binary files they'd have to then dig up the source to investigate further.

Quote:

Originally Posted by sulu (Post 1457762)
And I surely wouldn't do this on a six-year-old single-core ARM connected to a slow eMMC or even slower µSD card guarded by a misbehaving watchdog. ;)

I would've, but then again, I have several N900s so I can afford to launch this on one and let it sit around. Then again, I was running a recursive grep on the /usr folder last night for something while doing something with `setxkbmap -v 10` in another terminal, and that N900 rudely shut down on me without warning when I ran one of those commands, so that may well have been the watchdog flipping out. So, good point.

iHaveNoNames 2021-06-21 00:46

Hi, I have corrupted my /etc/sudoers file, and of course disabled sshd before :rolleyes: . The repository system seems out of order too. Now I cannot become root anymore (it asks for a password that was never set). Is there a way for privilege escalation without reflashing the N900?

peterleinchen 2021-06-21 10:13

Not really sure what you messed up or what the config on your device looks like.
But the default password may be 'rootme'.

Otherwise, here is a link to the rootsh package, which can be installed and will give you root access via 'sudo gainroot'

