On 01/06/2014 14:26, Daniel Golle wrote:
> Hi John,
>
> On 06/01/2014 08:01 AM, John Crispin wrote:
>> On 01/06/2014 05:13, Daniel Golle wrote:
>>> sysupgrade needs to run as the only process on devices having
>>> their rootfs on block and ubi. Introduce an exec call to be
>>> used by sysupgrade for that purpose.
>>
>> nak, this is a huge security hole
>
> I also thought so, but realized that taling to ubus requires root
> privileges and who ever got root privileges can as well just
> replace /etc/inittab or send SIGKILL to procd or ... or ... ...
>
that is why we are working on
*) non root ubus access
*) dropping all daemons to the nobody uid
John
_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
