Re: Questions #3: root
Eero Tamminen wrote:
> ext Thomas Leavitt wrote:
>> I also noticed that "/etc/shells" has a long list of shells.
>
> As these shells are not installed to the device, this is actually
> a bug which you could report to Maemo Bugzilla.

IIRC /etc/shells does not list currently available shells, but shells that are considered valid login shells by the OS (this doesn't mean the shell executable has to be installed). I'd say not a bug.

-jussi

--
Jussi Kukkonen
http://koti.welho.com/jkukkone/
___
maemo-users mailing list
maemo-users@maemo.org
https://lists.maemo.org/mailman/listinfo/maemo-users
Re: Questions #3: root
Thomas Leavitt wrote:
> What's the default password for "user"? Will changing it affect
> anything, since obviously the system auto-starts?

Adding a password to the "user" account makes the device less secure IMHO and is bad advice - it's yet another account that can be exploited by brute force.

A better choice would be to add your SSH public key to ~/.ssh/authorized_keys on your 770/N800; this way you can log in as "user" without having to use the less secure password method for authentication.

There is a thread[1] on ITT Forum which explains how to create and use public/private keys with PuTTY.

Neil

1. http://www.internettablettalk.com/forums/showthread.php?p=67481#post67481
Re: Questions #3: root
Hi,

ext Thomas Leavitt wrote:
> Very cool - I'm in as root! Now this is a *real* Linux box!
>
> ... although, from another perspective, I find it incredibly uncool that
> I've been walking around with a machine with a widely known default root
> password, not knowing that I'd enabled remote access to it when I
> installed the "ssh" package.

Whenever you install anything that opens sockets to the network, you should really know what you're doing. Did you check where you got your ssh? Was it (an older) version with known exploits? Etc...

> I was under the impression that you had to
> go through some bizarre and risky gyration to obtain root access to the
> machine... not simply ssh to localhost! Eek?!?
>
> Now, another geeky question. "user" is a lame login name. I'm going to
> assume that it is incredibly unwise to rename "user" to something
> reasonable, like "thomas" :) ... is it possible to create a new user and
> login using that account instead? I see (via redpill mode) that
> "adduser" is one of the packages installed.
>
> I also noticed that "/etc/shells" has a long list of shells.

As these shells are not installed to the device, this is actually a bug which you could report to Maemo Bugzilla.

> It seems
> just slightly strange to me that, on a device this resource constrained,
> they'd "waste" even that many "bytes" by not truncating this file...
> makes me wonder what other potential "optimizations" haven't been done.

At least on normal desktop file system this wouldn't be an optimization, the minimum disk block size is 512 bytes... JFFS-2 uses fragments so in theory you might save a byte or two, but it compresses text pretty well and compared to the content like videos, songs, images (which are already compressed i.e. cannot be compressed further by JFFS-2), user guides etc, this is, well... pointless?

> I also wonder how the synaptic install package managed to add a line
> referencing itself to /etc/sudoers... if the app installer permits
> modifications of this sort to be made to /etc/sudoers, doesn't that
> suggest someone could simply write an app that added the line below, or
> write a malicious app that gave itself root privileges?

Any application you install can do *anything* in the device, the package management works with root privileges, just like on any other Linux (except ones using system wide security policies, I know e.g. RedHat uses selinux to restrict what daemons open to the networks can do, but do they use it for anything else?)

- Eero
Re: Questions #3: root
On Wednesday 12 September 2007 23:53:04 Thomas Leavitt wrote:
> Very cool - I'm in as root! Now this is a *real* Linux box!
>
> ... although, from another perspective, I find it incredibly uncool that
> I've been walking around with a machine with a widely known default root
> password, not knowing that I'd enabled remote access to it when I
> installed the "ssh" package. I was under the impression that you had to
> go through some bizarre and risky gyration to obtain root access to the
> machine... not simply ssh to localhost! Eek?!?
>
> Now, another geeky question. "user" is a lame login name. I'm going to
> assume that it is incredibly unwise to rename "user" to something
> reasonable, like "thomas" :) ... is it possible to create a new user and
> login using that account instead? I see (via redpill mode) that
> "adduser" is one of the packages installed.
>
> I also noticed that "/etc/shells" has a long list of shells. It seems
> just slightly strange to me that, on a device this resource constrained,
> they'd "waste" even that many "bytes" by not truncating this file...
> makes me wonder what other potential "optimizations" haven't been done.
>
> I also wonder how the synaptic install package managed to add a line
> referencing itself to /etc/sudoers... if the app installer permits
> modifications of this sort to be made to /etc/sudoers, doesn't that
> suggest someone could simply write an app that added the line below, or
> write a malicious app that gave itself root privileges?
>
> What's the default password for "user"? Will changing it affect
> anything, since obviously the system auto-starts?
>
> Thomas

I don't know if user has a password. I've given mine one (so I can ssh to the box as user) and not root. As for changing the user, I've not gotten into it yet as it would involve changes to the init scripts to login automagically as a user other than user. (hard to type that sentence is). I do remember that someone had once gotten it to run as themselves (His first name was Jim... but the rest I forget.) If I remember I'll pass it along.

James

> James Sparenberg wrote:
>> On Wednesday 12 September 2007 12:39:52 Thomas Leavitt wrote:
>>> What's the cleanest way to get this?
>>>
>>> Thomas
>>
>> For me and my way of thinking. Install Xterm... Install openssh (as
>> opposed to dropbear) from garage. Open Xterm and do ssh [EMAIL PROTECTED]
>> use rootme as the password. Add this line to /etc/sudoers
>>
>> user ALL=(ALL) NOPASSWD: ALL
>>
>> Now give both the user named user and root real passwords. Once you do
>> this user, user can sudo su to root whenever you need it to. I also
>> recommend removing the ability of root to ssh directly after you have
>> confirmed that you can sudo.
>>
>> James

--
READ CAREFULLY. By [accepting this material|accepting this payment|accepting this business-card|viewing this t-shirt|reading this sticker] you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies (”BOGUS AGREEMENTS”) that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.
Re: Questions #3: root
Thomas Leavitt wrote:
> I also noticed that "/etc/shells" has a long list of shells. It seems
> just slightly strange to me that, on a device this resource constrained,
> they'd "waste" even that many "bytes" by not truncating this file...
> makes me wonder what other potential "optimizations" haven't been done.

The savings in this case would be at most 0.0001% of the flash memory use and RAM footprint. When maemo developers have time to work on optimizations like this, we'll be doing great...

> I also wonder how the synaptic install package managed to add a line
> referencing itself to /etc/sudoers... if the app installer permits
> modifications of this sort to be made to /etc/sudoers, doesn't that
> suggest someone could simply write an app that added the line below, or
> write a malicious app that gave itself root privileges?

The app installer runs as root just like every other package manager on any linux distro. When you install a package, the post- and pre-install scripts naturally run as root. So yes, what you suggest is possible, and this is not at all maemo-specific. See SELinux or AppArmor for solutions.

Incidentally, this can be seen as a selling point for centralized repositories: The repo administrator has at least a theoretical possibility of checking the install scripts...

> What's the default password for "user"? Will changing it affect
> anything, since obviously the system auto-starts?

Password is not set by default, IIRC. The GUI will still autologin after you've set the password. Sshing in becomes possible with the passwd.

I typically unset the root passwd after I've setup passwd and sudo-rights for "user" just to be sure.

HTH,
Jussi
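Added example, not part of the original thread: one way to review a package's install scripts before they run as root, as the message above suggests a repository administrator could. It assumes the control files were already extracted to a directory (for a .deb, `dpkg-deb -e`); the pattern list, the `exampleapp` package and the function names are illustrative assumptions.

```shell
#!/bin/sh
# Flag maintainer scripts that reference privilege-related files.
# Input: a directory holding a package's control files, for example the
# result of `dpkg-deb -e package.deb ctrl/`. Nothing is executed or modified.

# Illustrative pattern list (an assumption, not a complete policy).
SENSITIVE='/etc/(sudoers|passwd|shadow)|authorized_keys|chmod[[:space:]]+[ugo]*\+s'

# Prints "script:line:text" for each hit outside comment lines.
# Returns 0 if anything was flagged, 1 otherwise (same convention as grep).
review_scripts() {  # $1 = control directory
    rc=1
    for s in preinst postinst prerm postrm; do
        [ -f "$1/$s" ] || continue
        found=$(grep -nE "$SENSITIVE" "$1/$s" |
                grep -vE '^[0-9]+:[[:space:]]*#') || continue
        printf '%s\n' "$found" | sed "s/^/$s:/"
        rc=0
    done
    return "$rc"
}

# Constructed sample: control scripts of a hypothetical package "exampleapp"
# whose postinst appends a rule to /etc/sudoers.
make_ctrl() {  # $1 = directory to write into
    cat > "$1/postinst" <<'EOF'
#!/bin/sh
# constructed sample, mentions /etc/sudoers in a comment (not flagged)
echo 'user ALL = NOPASSWD: /usr/bin/exampleapp' >> /etc/sudoers
EOF
    printf '%s\n' '#!/bin/sh' 'rm -f /usr/share/exampleapp/cache' > "$1/prerm"
}

ctrl=$(mktemp -d)
make_ctrl "$ctrl"
review_scripts "$ctrl" || echo "no privileged-file references found"
rm -rf "$ctrl"
```

A hit is only a prompt to read the script; a package with no hits can still do anything as root through other means.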
Re: Questions #3: root
I changed the root user password to something reasonable. I noticed that the "user" account is "locked" (!) in /etc/passwd... should I actually change that?

How can I get a decent shell on this thing, without freaking out "busybox" or doing something weird like installing a package that renames bash to bash-m... After looking at the various cross-dependencies, it would appear that doing anything serious requires dumping busybox and replacing it, but synaptic, etc. insist that everything that makes the box functional is dependent on the busybox package... so, what do people do in this case?

Thomas

James Sparenberg wrote:
> On Wednesday 12 September 2007 12:39:52 Thomas Leavitt wrote:
>> What's the cleanest way to get this?
>>
>> Thomas
>
> For me and my way of thinking. Install Xterm... Install openssh (as
> opposed to dropbear) from garage. Open Xterm and do ssh [EMAIL PROTECTED]
> use rootme as the password. Add this line to /etc/sudoers
>
> user ALL=(ALL) NOPASSWD: ALL
>
> Now give both the user named user and root real passwords. Once you do this
> user, user can sudo su to root whenever you need it to. I also recommend
> removing the ability of root to ssh directly after you have confirmed that
> you can sudo.
>
> James
Re: Questions #3: root
Very cool - I'm in as root! Now this is a *real* Linux box!

... although, from another perspective, I find it incredibly uncool that I've been walking around with a machine with a widely known default root password, not knowing that I'd enabled remote access to it when I installed the "ssh" package. I was under the impression that you had to go through some bizarre and risky gyration to obtain root access to the machine... not simply ssh to localhost! Eek?!?

Now, another geeky question. "user" is a lame login name. I'm going to assume that it is incredibly unwise to rename "user" to something reasonable, like "thomas" :) ... is it possible to create a new user and login using that account instead? I see (via redpill mode) that "adduser" is one of the packages installed.

I also noticed that "/etc/shells" has a long list of shells. It seems just slightly strange to me that, on a device this resource constrained, they'd "waste" even that many "bytes" by not truncating this file... makes me wonder what other potential "optimizations" haven't been done.

I also wonder how the synaptic install package managed to add a line referencing itself to /etc/sudoers... if the app installer permits modifications of this sort to be made to /etc/sudoers, doesn't that suggest someone could simply write an app that added the line below, or write a malicious app that gave itself root privileges?

What's the default password for "user"? Will changing it affect anything, since obviously the system auto-starts?

Thomas

James Sparenberg wrote:
> On Wednesday 12 September 2007 12:39:52 Thomas Leavitt wrote:
>> What's the cleanest way to get this?
>>
>> Thomas
>
> For me and my way of thinking. Install Xterm... Install openssh (as
> opposed to dropbear) from garage. Open Xterm and do ssh [EMAIL PROTECTED]
> use rootme as the password. Add this line to /etc/sudoers
>
> user ALL=(ALL) NOPASSWD: ALL
>
> Now give both the user named user and root real passwords. Once you do this
> user, user can sudo su to root whenever you need it to. I also recommend
> removing the ability of root to ssh directly after you have confirmed that
> you can sudo.
>
> James
Re: Questions #3: root
On Wednesday 12 September 2007 12:39:52 Thomas Leavitt wrote:
> What's the cleanest way to get this?
>
> Thomas

For me and my way of thinking. Install Xterm... Install openssh (as opposed to dropbear) from garage. Open Xterm and do ssh [EMAIL PROTECTED] use rootme as the password. Add this line to /etc/sudoers

    user ALL=(ALL) NOPASSWD: ALL

Now give both the user named user and root real passwords. Once you do this user, user can sudo su to root whenever you need it to. I also recommend removing the ability of root to ssh directly after you have confirmed that you can sudo.

James
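Added example, not part of the original thread: a read-only shell check for the state the procedure above leaves behind, covering direct root ssh, password logins and the passwordless sudo rule. The file contents are constructed samples, and `sshd_value`, `nopasswd_rules`, `audit` and `make_sample` are names chosen here.

```shell
#!/bin/sh
# Read-only audit of an sshd_config and a sudoers file.

# Effective value of an sshd keyword: sshd keeps the first occurrence and
# keywords are case-insensitive. Prints nothing if the keyword is unset.
# Simplification (assumption): Match blocks are not interpreted.
sshd_value() {  # $1 = sshd_config, $2 = keyword
    awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

# Non-comment sudoers lines that skip the password prompt.
nopasswd_rules() {  # $1 = sudoers file
    grep -v '^[[:space:]]*#' "$1" | grep 'NOPASSWD:' || true
}

# Prints one finding per line; returns 1 if anything was found, else 0.
audit() {  # $1 = sshd_config, $2 = sudoers
    rc=0
    for kw in PermitRootLogin PasswordAuthentication; do
        val=$(sshd_value "$1" "$kw")
        if [ "$val" != "no" ]; then
            # Unset means the installed sshd version's default applies.
            echo "sshd: $kw is '${val:-unset}'"
            rc=1
        fi
    done
    rules=$(nopasswd_rules "$2")
    if [ -n "$rules" ]; then
        printf '%s\n' "$rules" | sed 's/^/sudoers: no password prompt: /'
        rc=1
    fi
    return "$rc"
}

# Constructed sample: root ssh still enabled and the sudoers line from the
# message in place. Not taken from a real device.
make_sample() {  # $1 = directory to write into
    printf '%s\n' 'Port 22' '#PermitRootLogin no' 'PermitRootLogin yes' \
        > "$1/sshd_config"
    printf '%s\n' '# /etc/sudoers' 'root ALL=(ALL) ALL' \
        'user ALL=(ALL) NOPASSWD: ALL' > "$1/sudoers"
}

dir=$(mktemp -d)
make_sample "$dir"
audit "$dir/sshd_config" "$dir/sudoers" || echo "review the findings above"
rm -rf "$dir"
```

To check a device, call `audit` with copies of its `sshd_config` and `sudoers` files.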
Re: Questions #3: root
http://maemo.org/community/wiki/howto_easily_becomeroot/

Dan

At 12:39 PM 9/12/2007, you wrote:
>What's the cleanest way to get this?
>
>Thomas
Questions #3: root
What's the cleanest way to get this?

Thomas