Active Topics
-
Is there a section to talk about Java ME? Apps, etc. (5)
to General by teroyk - 2 days, 17 hrs ago -
Extra softwares in Sailfish using CLI, repositories, etc (118)
to SailfishOS by nieldk - 2 days, 22 hrs ago -
Paths (0)
to Maemo 7 / Leste by teroyk - 3 days, 19 hrs ago - more...
 |
|
2015-01-16
, 08:00
|
|
Posts: 4,117 |
Thanked: 8,901 times |
Joined on Aug 2010
@ Ruhrgebiet, Germany
|
#2
|
Apparently you missed the target executable(s):
BUT are you sure this is a good idea? 
Just comment out this line where there is this line with NOPASSWD.
user ALL = PASSWD: ALL
Just comment out this line where there is this line with NOPASSWD.
__________________
SIM-Switcher, automated SIM switching with a Double (Dual) SIM adapter
--
Thank you all for voting me into the Community Council 2014-2016!
Please consider your membership / supporting Maemo e.V. and help to spread this by following/copying this link to your TMO signature:
[MC eV] Maemo Community eV membership application, http://talk.maemo.org/showthread.php?t=94257
editsignature, http://talk.maemo.org/profile.php?do=editsignature
SIM-Switcher, automated SIM switching with a Double (Dual) SIM adapter
--
Thank you all for voting me into the Community Council 2014-2016!
Please consider your membership / supporting Maemo e.V. and help to spread this by following/copying this link to your TMO signature:
[MC eV] Maemo Community eV membership application, http://talk.maemo.org/showthread.php?t=94257
editsignature, http://talk.maemo.org/profile.php?do=editsignature
| The Following User Says Thank You to peterleinchen For This Useful Post: | ||
|
|
2015-01-16
, 08:09
|
|
Posts: 1,808 |
Thanked: 4,272 times |
Joined on Feb 2011
@ Germany
|
#3
|
/etc/sudoers.d/everybody.sudoers changes break sudoers
I cannot (at least right now) look at the cssu-enabler postint because I didn't install that package (even though I do have CSSU thumb installed).
| The Following 2 Users Say Thank You to reinob For This Useful Post: | ||
 |
|
2015-01-16
, 09:26
|
|
Posts: 654 |
Thanked: 2,368 times |
Joined on Jul 2014
@ UK
|
#4
|
Thanks guys. Can i ask how you have configured root access on your devices? I don't like the idea of root access withougt a pw.
EDIT: purging sudser removed that file.
Last edited by Feathers McGraw; 2015-01-16 at 09:31. Reason: added info
EDIT: purging sudser removed that file.
Last edited by Feathers McGraw; 2015-01-16 at 09:31. Reason: added info
|
|
2015-01-16
, 10:16
|
|
Posts: 1,808 |
Thanked: 4,272 times |
Joined on Feb 2011
@ Germany
|
#5
|
Originally Posted by Feathers McGraw
I do
I don't like the idea of root access withougt a pw.
, I know it does feel weird, but after all we're talking about a device you carry in your pocket and would defend with your life , so I just type "root" and do what I have to do.Note that you cannot use "su" because it's not suid, and you cannot make su suid because su is actually a link to busybox and *you don't want to make busybox suid*.
BTW you have "user ALL=(ALL) NOPASSWD: ALL" in your /etc/sudoers immediately after the last line coming from 01sudo. Would you mind showing a listing of your /etc/sudoers.d/*
That line (which I don't have) conflicts with "user ALL=(ALL) PASSWD:" (which as peterleinchen said should be "user ALL=(ALL) PASSWORD: ALL" but I don't speak sudoer!
I just looked in "update-sudoers" and it used "visudo -c" to check the file (this is what caused dpkg to fail in your case). So I'd suggest you run, manually, "update-sudoers" and see what it spits.
| The Following 2 Users Say Thank You to reinob For This Useful Post: | ||
|
|
2015-01-16
, 13:28
|
|
Posts: 4,117 |
Thanked: 8,901 times |
Joined on Aug 2010
@ Ruhrgebiet, Germany
|
#6
|
Changes in 01sudo:
it will request root password and allow only to become root (no other program to be "sudoed", ofc there are some exceptions and you may add more, even ALL).
@reinob
To the life definitely not. But in principle you are right.
Had it 2 years your way and now 2-3 years my way
Defaults env_check+="HOME DISPLAY"
Defaults env_keep+="HOME DISPLAY"
Defaults env_reset
#
Defaults insults
Defaults targetpw
#
#user ALL = NOPASSWD: /usr/sbin/gainroot
user ALL = PASSWD: /usr/sbin/gainroot
#user ALL = NOPASSWD: ALL
@reinob
To the life definitely not. But in principle you are right.
Had it 2 years your way and now 2-3 years my way
__________________
SIM-Switcher, automated SIM switching with a Double (Dual) SIM adapter
--
Thank you all for voting me into the Community Council 2014-2016!
Please consider your membership / supporting Maemo e.V. and help to spread this by following/copying this link to your TMO signature:
[MC eV] Maemo Community eV membership application, http://talk.maemo.org/showthread.php?t=94257
editsignature, http://talk.maemo.org/profile.php?do=editsignature
SIM-Switcher, automated SIM switching with a Double (Dual) SIM adapter
--
Thank you all for voting me into the Community Council 2014-2016!
Please consider your membership / supporting Maemo e.V. and help to spread this by following/copying this link to your TMO signature:
[MC eV] Maemo Community eV membership application, http://talk.maemo.org/showthread.php?t=94257
editsignature, http://talk.maemo.org/profile.php?do=editsignature
| The Following 3 Users Say Thank You to peterleinchen For This Useful Post: | ||
|
|
2015-01-16
, 14:07
|
|
Posts: 654 |
Thanked: 2,368 times |
Joined on Jul 2014
@ UK
|
#7
|
So i reinstalled sudser to see what would happen, it installed successfully and said to run sudser if i wanted to set a pw. I exited the root shell and ran the command, here's the output:
so is the line that conflicts with the config generated by sudser generated by rootsh?
here's my list of additional sudoers config files:
I understand why it's convenient to have easy root for everyone, but doesn't that make it trivial to root the device from everyday vulnerabilities? Not so worried about physical security because like you said i keep a close eye on my phone.
Thanks for your help. The N900 is fun!
Code:
~ $ sudser Please enter a password for 'user', or press 'Enter' to use no password Enter password: Again password: grep: /etc/shells: No such file or directory Password changed. >>> sudoers file: syntax error, line 29 <<< /etc/sudoers.d/everybody.sudoers changes break sudoers ~ $
here's my list of additional sudoers config files:
Code:
~ $ ls /etc/sudoers.d 01sudo community-ssu.sudoers everybody.sudoers fmms_magic.sudoers hildon-application-manager.sudoers hildon-control-panel-personalisation.sudoers hildon-input-method-configurator.sudoers mafw-dbus-daemon.sudoers osso-af-startup.sudoers osso-app-killer.sudoers osso-applet-languageregional.sudoers ssc-daemon.sudoers tscalibrate.sudoers ~ $
Thanks for your help. The N900 is fun!
| The Following User Says Thank You to Feathers McGraw For This Useful Post: | ||
|
|
2015-01-16
, 15:19
|
|
Posts: 1,808 |
Thanked: 4,272 times |
Joined on Feb 2011
@ Germany
|
#8
|
Originally Posted by Feathers McGraw
I downloaded sudser (without installing it) and had a look at the sudser-worker script, which tries to add a line like:
so is the line that conflicts with the config generated by sudser generated by rootsh?Code:~ $ sudser Please enter a password for 'user', or press 'Enter' to use no password Enter password: Again password: grep: /etc/shells: No such file or directory Password changed. >>> sudoers file: syntax error, line 29 <<< /etc/sudoers.d/everybody.sudoers changes break sudoers ~ $
Code:
user ALL=(ALL) PASSWD: $shells
Problem is that (1) doesn't quite make sense, and (2) you don't have that file.
I happen to have that file because screen and tmux put themselves there. Normally /bin/sh should be there (you can add it there).
In any case this tells us that:
(1) sudser is buggy and unsupported
(2) you have to fix this yourself
(3) the sudo-situation in Maemo is horrible, only on-par with the dependency hell we have.
If Maemo didn't brick whenever you *think* about modifying a critical file I would propose replacing "update-sudoers" by a dummy and keeping a user-controlled list that nobody can update.
As we have it now (answering your security concern) every "app" can (1) do rm -rf / on postinst before you can say "huh?" and (2) add a file to /etc/sudoers.d to give itself root rights (many apps do this, and it doesn't seem to be considered unpolite by the people here
I think there's been already at least one thread or sub-thread dealing (= talking about, not solving) with the sudo issue. This is our own version of the "elephant in the room", but we just love our elephant the way it is.
So not only do you have to keep the N900 close to your heart, but you also have to be (100-N)% sure and N% naively-trusting about what you install.
| The Following 2 Users Say Thank You to reinob For This Useful Post: | ||
|
|
2015-01-16
, 15:55
|
|
Posts: 4,117 |
Thanked: 8,901 times |
Joined on Aug 2010
@ Ruhrgebiet, Germany
|
#9
|
I have /etc/shells, too.
Content:
/bin/sh
/bin/bash4
Still stock Maemo, so maybe cssu removed it?
Nevertheless remove suder, it is not needed.
rootsh is enough
run passwd (maybe package passwd is needed or bb-power is enough) after getting root (sudo gainroot), set a pass for root, take my changes above and you are good to go ...
Content:
/bin/sh
/bin/bash4
Still stock Maemo, so maybe cssu removed it?
Nevertheless remove suder, it is not needed.
rootsh is enough
run passwd (maybe package passwd is needed or bb-power is enough) after getting root (sudo gainroot), set a pass for root, take my changes above and you are good to go ...
__________________
SIM-Switcher, automated SIM switching with a Double (Dual) SIM adapter
--
Thank you all for voting me into the Community Council 2014-2016!
Please consider your membership / supporting Maemo e.V. and help to spread this by following/copying this link to your TMO signature:
[MC eV] Maemo Community eV membership application, http://talk.maemo.org/showthread.php?t=94257
editsignature, http://talk.maemo.org/profile.php?do=editsignature
SIM-Switcher, automated SIM switching with a Double (Dual) SIM adapter
--
Thank you all for voting me into the Community Council 2014-2016!
Please consider your membership / supporting Maemo e.V. and help to spread this by following/copying this link to your TMO signature:
[MC eV] Maemo Community eV membership application, http://talk.maemo.org/showthread.php?t=94257
editsignature, http://talk.maemo.org/profile.php?do=editsignature
| The Following User Says Thank You to peterleinchen For This Useful Post: | ||
|
|
2015-01-16
, 19:14
|
|
Posts: 654 |
Thanked: 2,368 times |
Joined on Jul 2014
@ UK
|
#10
|
Thanks guys, i think i'll go for the "set a root pw and remove sudser" method. It'll take a while to kill the "sudo" reflex!
reinob, do you think you could expand on this a bit - it sounds interesting. I've never looked into suid and sudo etc. on ubuntu in any great detail, but i'd like to understand the different configurations if i can. If we installed a full (non-busybox) version of su on maemo and made it suid, could that work?
Note that you cannot use "su" because it's not suid, and you cannot make su suid because su is actually a link to busybox and *you don't want to make busybox suid*.
| The Following 2 Users Say Thank You to Feathers McGraw For This Useful Post: | ||
 |
| Tags |
| community ssu, dpkg error, rootsh, sudors, sudser |
«
Previous Thread
|
Next Thread
»
|
All times are GMT. The time now is 07:02.
Thanks