Another way to become root? (Without any flashing)
 

Would it work to prepare a .deb with a setuid binary, and then install that?

I don't think so. When a .deb package is installed, it is installed by the install user, which has the same rights as the regular user (named "user"). Neither user has the rights to create setuid binaries.

Also, if it worked as you suggest, this would be a security bug that would likely be closed in a future release of the firmware.

Aaron

user ALL = (install) NOPASSWD: /usr/bin/app-installer-tool
user ALL=(install) NOPASSWD: /usr/bin/app-installer-tool

Still requires root to edit ;)

nono.. thats already in /etc/sudoers

And your point is? This means that app-install-tool will be invoked under the install user account, as I stated in my earlier post. The install user account doesn't have any more privileges than the regular user account.

Aaron

the question was would a .deb installer of a new gainroot file work without rebooting in rdmode. the answer is yes. because the user has sudo privileges to install new .deb files. hence it would overwrite the old gainroot.

If you really think this is going to work, then please prove it! Make an installer package that overwrite gainroot. ;)

I'm with Aaron: the problems will be two fold:

1. The app-installer-tool is run as `install', not `root' so it can't create a setuid root binary
2. The app-installer-tool installs everything under /var/lib/install, but gainroot is in /usr/sbin.

You could produce a deb which would be extracted using dpkg -x new_gainroot.deb /, however that wouldn't gain anything over "copy this new gainroot to /usr/sbin", "untar this tarball over /" or "run patch against this diff".

Some japanese:

I dough sink so.

The closest I've come is enabling scp by creating a symlink and then executing a scp with explicit from and to ip's and users.

Thanks
 

Many thanks everyone for your replies. It seems clear now that this idea won't work, because of the app installer not installing as root. Also I think I agree that it would be a bug if it did work - because it would create a way for a non-savvy user to trash their gadget without sufficient warnings.

(I think it would be nice if there was a way to enable root without having to reflash, but it should be strongly caveated in the UI.)

Regards,
Neil

Note that the "flashing" required to get root is not the same as re-flashing your firmware. Using the Flasher Tool, you toggle a bit within the firmware, but don't replace anything else.

Therefore, enabling R&D mode alone should not lose you any data or settings.

Cheers,

Andrew

Aha, I hadn't realized that. Thanks for making that clear.

Neil

Same goes for the famed "USB host" mode, BTW.