![]() |
Another way to become root? (Without any flashing)
Would it work to prepare a .deb with a setuid binary, and then install that?
|
I don't think so. When a .deb package is installed, it is installed by the install user, which has the same rights as the regular user (named "user"). Neither user has the rights to create setuid binaries.
Also, if it worked as you suggest, this would be a security bug that would likely be closed in a future release of the firmware. Aaron |
user ALL = (install) NOPASSWD: /usr/bin/app-installer-tool
user ALL=(install) NOPASSWD: /usr/bin/app-installer-tool |
Still requires root to edit ;)
|
nono.. thats already in /etc/sudoers
|
Quote:
Aaron |
the question was would a .deb installer of a new gainroot file work without rebooting in rdmode. the answer is yes. because the user has sudo privileges to install new .deb files. hence it would overwrite the old gainroot.
|
Quote:
|
I'm with Aaron: the problems will be two fold:
You could produce a deb which would be extracted using dpkg -x new_gainroot.deb /, however that wouldn't gain anything over "copy this new gainroot to /usr/sbin", "untar this tarball over /" or "run patch against this diff". |
Quote:
I dough sink so. The closest I've come is enabling scp by creating a symlink and then executing a scp with explicit from and to ip's and users. |
Thanks
Many thanks everyone for your replies. It seems clear now that this idea won't work, because of the app installer not installing as root. Also I think I agree that it would be a bug if it did work - because it would create a way for a non-savvy user to trash their gadget without sufficient warnings.
(I think it would be nice if there was a way to enable root without having to reflash, but it should be strongly caveated in the UI.) Regards, Neil |
Quote:
Therefore, enabling R&D mode alone should not lose you any data or settings. Cheers, Andrew |
Quote:
Neil |
Same goes for the famed "USB host" mode, BTW.
|
| All times are GMT. The time now is 18:32. |
vBulletin® Version 3.8.8