On Mon, Apr 18, 2005 at 09:22:22PM +0300, [EMAIL PROTECTED] wrote: > I told him I'de sell tickets for his show, if he ever did it again.
I'll see this and raise you one. Some time ago I was working on a custom embedded PPC board (running Linux, naturally). After I finished hardening the system against intrusion, I disabled root access and logged off. There was a super secret sneaky method for enabling root access remotely, which I proceeded to try. The method was buggy and root access was not enabled. No worries, I still had serial console access. Which required root access. I also had a couple of open root logins on the board - until my X died. Oh shit. I then proceeded to try and break into the system I just finished hardening to (re)gain root priviledges. A few hours later, I gave up. Cooked up a RiscWatch, sacrificied some blood to the bare hardware gods, hooked it up, and proceeded to reflash a new kernel that should drop me into /bin/sh. Driving the RW was done from a machine several firewalls (and continents over), with the latency you would expect. It was done via a set of shell scripts that usually worked, except when they didn't and completely fried the board. Naturally, they were sensitive to timing. Amazingly, this time they worked. I rebooted the board, dropped into /bin/sh, was happy to discover that everything still worked, restored the old kernel and rebooted. As it was booting, I realized that I haven't enabled root access before rebooting... Cue several more hours of alternately massaging RiscWatch and banging head against wall. Eventually, root access is restored and I go home. Some mistakes you only make once. Cheers, Muli -- Muli Ben-Yehuda http://www.mulix.org | http://mulix.livejournal.com/
signature.asc
Description: Digital signature
