Posts: 1,808 | Thanked: 4,272 times | Joined on Feb 2011 @ Germany
#8
Originally Posted by wicket:
Great work and many thanks for providing a much saner approach to gain root access.

This does, however, highlight that HAM is broken by design and could easily be exploited by an attacker to gain root access using your method. A short-term fix might be to identify the setuid executable that is used by HAM to gain root access, remove the setuid bit and then invoke it using the now secure sudo instead.

This also illustrates another of Fremantle's many bad design decisions and another reason why I think the future of the N900 lies with native Debian.

HAM uses /etc/sudoers.d/hildon-application-manager.sudoers, which allows passwordless sudo for apt-worker (as well as for hildon-application-manager-util to handle repositories).

So no setuid here. If you force a password then I suppose HAM will just stop working because sudo will ask for a password without having a terminal for I/O. I suppose we could install some sort of graphical sudo ("gksudo" or whatever) and patch HAM to use it instead of "sudo apt-worker".


The Following 7 Users Say Thank You to reinob For This Useful Post:
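
To see which commands a sudoers fragment such as the one named in the post lets a user run without a password, the rules can be listed with a short script. This is an added example, not part of the original post and not HAM's code: the sample fragment is constructed, the /path/to/... locations are placeholders, and nopasswd_rules is a hypothetical helper that handles simple user specifications only (aliases are not expanded, commas inside Runas lists are not supported).

```python
import re

# Constructed sample; the real contents of the HAM sudoers file are not shown
# in the post, and the /path/to/... locations are placeholders.
SAMPLE = """\
# constructed fragment
Defaults env_reset
user ALL = NOPASSWD: /path/to/apt-worker, \\
    /path/to/hildon-application-manager-util
user ALL = (root) PASSWD: /path/to/tool-a, NOPASSWD: /path/to/tool-b, NOEXEC: /path/to/tool-c
"""

SKIP = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias", "@include")
TAG = re.compile(r"^([A-Z_]+):\s*")      # e.g. NOPASSWD:, PASSWD:, NOEXEC:
RUNAS = re.compile(r"^\([^)]*\)\s*")     # e.g. (root) or (root : wheel)

def nopasswd_rules(text):
    """Return (who, command) pairs that sudo will run without asking for a password."""
    text = text.replace("\\\n", " ")     # fold backslash-continued lines
    found = []
    for line in text.splitlines():
        line = line.strip()
        # Lines starting with '#' are treated as comments (so "#uid" specs are skipped).
        if not line or line.startswith("#") or line.startswith(SKIP) or "=" not in line:
            continue
        lhs, rhs = line.split("=", 1)
        who = lhs.split()[0]
        nopasswd = False                 # default: a password is required
        for item in rhs.split(","):
            item = RUNAS.sub("", item.strip())
            while (m := TAG.match(item)):
                if m.group(1) == "NOPASSWD":
                    nopasswd = True
                elif m.group(1) == "PASSWD":
                    nopasswd = False
                item = item[m.end():]
            # A tag stays in force for later commands until the opposite tag appears.
            if nopasswd and item:
                found.append((who, item.strip()))
    return found

if __name__ == "__main__":
    for who, cmd in nopasswd_rules(SAMPLE):
        print(f"{who}: {cmd}")
```

Every command it reports runs as root on request from that account with no prompt, so the list is what needs reviewing before deciding whether to force a password or put a graphical prompt in front of it.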