Posts: 4 | Thanked: 2 times | Joined on Jan 2010
#1
So I am in the process of trying to make my N900 more secure. I have performed a few steps already but I'm getting stuck due to being able to run sudo gainroot or even sudo "command" from the local xterm or ssh and get root without a password. So essentially someone could pick up my phone, type root and have root access. I consider that a security risk.

I have SSH installed and have set a root password, disabled root access to ssh and created a password for user so I can log into ssh without coming in as root.

1. I don't want to be able to issue the sudo command without a password. I need it password protected, just like standard Ubuntu.

2. Honestly I don't even want rootsh, period, but I hear it's required for certain things to work properly. I tried removing it but it says "can't uninstall". I guess it's a dependency for another app.

Bottom line is I want it to mimic a normal Debian install: issue sudo "command" and, if the user is in the sudoers file, be prompted for the password for that user and run as root. Do I really need rootsh? I would like to ditch it and just issue sudo su root to gain root access.

Is it as easy as editing the sudoers file to accommodate the requests? If so I want to make sure I do it correctly because I would rather not brick my device.

Here is my sudoers file. If I can just edit that to overcome my requests, just show me how...
Thanks for your time, I love this site, N900's and similar RULE! Why would anyone want any other computer?




PS - anyone know a command to pull the GPS coordinates from the term?


Attachment: /etc/sudoers
 
Guest | Posts: n/a | Thanked: 0 times | Joined on
#2
Short answer: It's probably possible
Long answer: It may not be practical. (Note: If I'm explaining things you already know, no offense) A normal desktop distribution would have a much simpler sudoers file, often granting full permissions for selected users. Given that the N900 is meant for quick, easy access, and Nokia's policy of focusing on external security (because let's face it - if someone steals your phone, a root password isn't exactly going to slow them down if they want your data/whatever, and if they just want the phone, then they're not going to mess with that anyway), they added exceptions to the sudoers file for apps that need root access. Most of those lines read more or less as "let user 'user' do whatever the heck they want with app 'foo'".
I don't know exactly what the deal with rootsh is, so it might not be as easy as just messing with sudo & friends as on a normal distro. However, as far as sudo goes, the thing to do would be to restrict access more by modifying the exceptions in the sudoers file (e.g. the NOPASSWD part - man sudo on a desktop should tell you what to do there - the basic syntax isn't terribly complicated). I wouldn't be surprised if just doing that horribly breaks things, though. The other issue you'll run into is that there is no Maemo equivalent of gksu/do or kdesu/do, so at best you'd have to port or write something like that for Maemo as well, unless you wanted to launch half of your apps from the console.
To put it concisely, the phone was designed around a different use-case, and a different security model than what *nix is usually used for, so trying to lock it down in the conventional way is kind of working against the design.
As a further note (and don't quote me on this), you might (*might*) have an easier time with Mer. Last I tried it, sudo worked like sudo should, although I believe the App Manager and such still had exceptions as in Maemo.
 
Posts: 207 | Thanked: 119 times | Joined on Nov 2009 @ Pittsburgh, PA, USA
#3
I think you should comment: "user ALL = NOPASSWD: /usr/sbin/gainroot"
But the text "### Automatically added by update-sudoers start ###" could mean that this file is possibly recreated after each reboot....

If you have firmware 51-1 you can make the test safe...
If you want to make it safe, do this under "root":
1. cp /etc/sudoers /etc/sudoers.backup
2. echo "rm /etc/sudoers" >> /bootmenu.sh
3. echo "cp /etc/sudoers.backup /etc/sudoers" >>/bootmenu.sh
4. chmod a+x /bootmenu.sh
5. Modify sudoers by commenting out with "#" the line "user ALL = NOPASSWD: /usr/sbin/gainroot"
6. Reboot with closed keyboard!!!
7. If everything works, remove file "/bootmenu.sh"
8. If something is not working, reboot with open keyboard

File "/bootmenu.sh" executes when you reboot with open keyboard.
 

The Following 3 Users Say Thank You to mikhmv For This Useful Post:
Guest | Posts: n/a | Thanked: 0 times | Joined on
#4
mikhmv: Awesome, thanks for going to the trouble to list all of that. I for one didn't know about the keyboard trick - that's slick. I award you two Internets!
 
zwer's Avatar
Posts: 455 | Thanked: 782 times | Joined on Nov 2009 @ Netherlands
#5
Originally Posted by dis360
PS - anyone know a command to pull the GPS coordinates from the term?
Check this thread: http://talk.maemo.org/showthread.php?t=19009 ... That's the easiest non-blocking way.
 
Posts: 4 | Thanked: 2 times | Joined on Jan 2010
#6
mikhmv

Let me see if I understand properly before I move forward

So I could comment out "user ALL = NOPASSWD: /usr/sbin/gainroot"
in the sudoers to protect the use of it, and if things went horribly wrong the solution of using the dual bootmenus selectable by having the keyboard opened or closed could avoid bricking my new best friend?

That's genius, thanks mikhmv

You think to keep sudo "command" from being executed without a password from "user" that I could change "user ALL = NOPASSWD: ALL"? I've never done any sudoers editing, but I can use vi

Thanks guys

Last edited by dis360; 2010-01-24 at 04:27.
 

The Following User Says Thank You to dis360 For This Useful Post:
Posts: 207 | Thanked: 119 times | Joined on Nov 2009 @ Pittsburgh, PA, USA
#7
You're right! Looks like you should comment this line too:
user ALL = NOPASSWD: ALL
Manual is here: http://www.gratisoft.us/sudo/man/sudoers.html
 
Posts: 3 | Thanked: 0 times | Joined on Mar 2010
#8
I am also trying to tackle the problem of user being able to run "sudo su" without being asked for a password. I have removed the line "user ALL = NOPASSWD: ALL" and have tried adding the line "user ALL = PASSWD: /bin/su" to the list without success. Removing only the "... NOPASSWD: ALL" line worked too well and does not permit anything besides the exceptions listed in the sudoers file. Adding the line "... PASSWD: /bin/su" allows user to run "sudo su" but does not ask for the password, which defeats the purpose of my endeavour.

On a side note, there is no need to mess with bootmenu.sh and rebooting the N900 at all. This can all be done by editing the correct files in /etc/sudoers.d/ and running the command update-sudoers.
Testing modifications to /etc/sudoers is most efficiently done by logging into the N900 as root and editing the sudoers file while running a 2nd ssh session as user and testing commands. It's much easier to make corrections that way.

EDIT: adding "user ALL = PASSWD: ALL" seems to have worked. Also, in retrospect, "user ALL = PASSWD: /bin/su" seems to have worked as well. The reason for this is that sudo remembers for quite some time that a user used sudo (in this case remembers the last successful sudo test) and does not ask for the password during this time.
"sudo -k" effectively invalidates the timestamp, which lets you test these things.

Last edited by 1i1g; 2010-03-11 at 00:31.
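
An added example, not part of any post in this thread: a read-only shell check that lists which active sudoers rules still grant root without a password, which is what posts #3, #7 and #8 hunt for by hand. The sample file is constructed for illustration; only the gainroot and `NOPASSWD: ALL` lines come from the thread, and `/usr/bin/example-app` is a hypothetical per-app exception.

```shell
#!/bin/sh
# Constructed sample, not the poster's real /etc/sudoers.
SAMPLE='### Automatically added by update-sudoers start ###
user ALL = NOPASSWD: /usr/sbin/gainroot
user ALL = NOPASSWD: ALL
user ALL = NOPASSWD: /usr/bin/example-app
#user ALL = NOPASSWD: /bin/su
user ALL = PASSWD: /bin/su'

# audit_nopasswd FILE
# Prints "<severity> <line-number>: <rule>" for every active NOPASSWD rule.
#   HIGH = blanket ALL, or a command that hands out a root shell
#   INFO = per-application exception (review it; removing it may break the app)
audit_nopasswd() {
    awk '
        /^[ \t]*#/ { next }                  # commented-out rules are inactive
        /NOPASSWD[ \t]*:/ {
            cmds = $0
            sub(/^.*NOPASSWD[ \t]*:[ \t]*/, "", cmds)   # keep the command list
            sev = "INFO"
            if (cmds ~ /(^|,[ \t]*)ALL([ \t]*,|[ \t]*$)/) sev = "HIGH"
            if (cmds ~ /\/(gainroot|su|sh|bash)([ \t]|,|$)/) sev = "HIGH"
            printf "%s %d: %s\n", sev, NR, $0
        }
    ' "$1"
}

# count_high FILE -> number of HIGH findings (prints 0 when there are none)
count_high() {
    audit_nopasswd "$1" | awk '/^HIGH/ { n++ } END { print n + 0 }'
}

# Demo on the constructed sample; nothing on the system is modified.
tmp=$(mktemp) && printf '%s\n' "$SAMPLE" > "$tmp"
audit_nopasswd "$tmp"
rm -f "$tmp"
```

On the device, point it at `/etc/sudoers` as root; run `sudo -k` before re-testing a change, because of the cached timestamp described in post #8.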
 
Posts: 38 | Thanked: 17 times | Joined on Jun 2008
#9
Originally Posted by dis360
So I am in the process of trying to make my N900 more secure. I have performed a few steps already but I'm getting stuck due to being able to run sudo gainroot or even sudo "command" from the local xterm or ssh and get root without a password. So essentially someone could pick up my phone, type root and have root access. I consider that a security risk.

Hmm... I wonder if "sudo gainroot" is also a risk from another side: Consider a program XY which I installed. XY runs in "user" context but has some malicious code in it which calls "sudo gainroot" and then XY has full rights to my system?!
 
zwer's Avatar
Posts: 455 | Thanked: 782 times | Joined on Nov 2009 @ Netherlands
#10
XY has full rights to your system while you are installing it - a malicious programmer could put whatever he wishes in a post-inst script and make their program run in full privileges no matter if rootsh is even installed on the system.
__________________
Man will never be free until the last king is strangled with the entrails of the last priest.
 

The Following 2 Users Say Thank You to zwer For This Useful Post: