kpwn / yalu102

incomplete iOS 10.2 jailbreak for 64 bit devices by qwertyoruiopz and marcograssi
Do What The F*ck You Want To Public License

Change Dropbear port to 2222 #361

Open dareal68 opened 7 years ago

dareal68 commented 7 years ago

By using port 2222 we are able to connect to localhost with an App Store SSH client app like Blink Shell or Prompt 2.

mologie commented 7 years ago

This would introduce a security issue and should not be made the standard configuration. Apps could gain root privileges through your change if the user did not change the root password.

nullpixel commented 7 years ago

> if the user did not change the root password

Apps could do this anyway if you never changed the root pass. You could do many things like that, so your argument is invalid

dareal68 commented 7 years ago

Who does not change a password that he did not choose himself? We talk about a security issue on a platform compromised by the jailbreak itself. I take the risk, am I crazy? Let me know. Thanks

mologie commented 7 years ago

> Apps could do this anyway if you never changed the root pass. You could do many things like that, so your argument is invalid

@nullpixel1, in that case, please explain to me how an app is going to become root if they cannot access the locally running SSH server thanks to the sandbox and cannot exploit the kernel thanks to yalu102's patching the bug it exploits.

> Who does not change a password that he did not choose himself? We talk about a security issue on a platform compromised by the jailbreak itself.

@dareal68, Most people who install this jailbreak do not even know what a root account is. Thus, neither will most people change their root password. The jailbreak does reduce security, but does not install open backdoors.

dareal68 commented 7 years ago

@Mologie If I understand correctly, the best solution for me would be to unsandbox my SSH client app. In this way, only this application will have access to the SSH server on port 22.

Do you think it's a better solution than the change I made?

mologie commented 7 years ago

@dareal68, your change is fine and in fact the easiest solution for your phone. By all means, use it on yours - there's hardly a better solution around the sandbox restriction.

However, I do not think that your solution should be installed on all phones which install Yalu, because even though you did change your root/mobile passwords (you did, right?), most people will not. That is the only reason why I disagree with your request to have this pulled into the main code base. Technically, what you did is just fine. The issue here is your average users.

x86shell commented 7 years ago

If you want to change the port you can, but it's better off leaving it on p22.

ann0see commented 7 years ago

I would include a (defaulted to off) switch in Yalu 102 that tells yalu to set the configuration either to port 22 or yours. (I'd add an "options" menu somewhere)... And if somebody switches the button to on, the value of the button should be saved, let's say, in /.yalussh and should be read by Yalu after a reboot. If you decide to set the port to 2222, there should be a warning.
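
A sketch of the defaulted-to-off switch proposed in the last comment, as an added example that is not part of the thread or of yalu102's code. The function name, the file content `1` as the opt-in value, and the `trusted_uid` parameter are assumptions; the check fails closed to port 22 whenever the settings file is missing, malformed, a symlink, or writable by anyone other than its owner.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define PORT_DEFAULT 22    /* default the thread argues should stay */
#define PORT_OPT_IN  2222  /* port proposed in this pull request */

/* Hypothetical helper: returns PORT_OPT_IN only when the settings file is a
 * regular file, owned by trusted_uid, not writable by group or others, and
 * contains exactly "1" (optionally followed by one newline). Every other
 * case, including a missing or unreadable file, yields PORT_DEFAULT. */
int select_dropbear_port(const char *path, uid_t trusted_uid)
{
    char buf[8] = {0};
    struct stat st;
    int port = PORT_DEFAULT;

    int fd = open(path, O_RDONLY | O_NOFOLLOW);   /* refuse symlinks */
    if (fd < 0)
        return PORT_DEFAULT;

    /* fstat on the open descriptor avoids a check-then-open race */
    if (fstat(fd, &st) == 0 &&
        S_ISREG(st.st_mode) &&
        st.st_uid == trusted_uid &&
        (st.st_mode & (S_IWGRP | S_IWOTH)) == 0) {
        ssize_t n = read(fd, buf, sizeof(buf) - 1);
        if (n > 0 && (strcmp(buf, "1") == 0 || strcmp(buf, "1\n") == 0))
            port = PORT_OPT_IN;
    }
    close(fd);
    return port;
}

int main(void)
{
    /* /.yalussh is the path suggested in the comment; uid 0 is assumed */
    printf("dropbear port: %d\n", select_dropbear_port("/.yalussh", 0));
    return 0;
}
```

The warning shown when the user turns the switch on would live in the app's UI and is not covered here.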