Re: [PATCH] ramips: add support for Zbtlink ZBT-WG1602
On Tue, Nov 16, 2021 at 1:09 PM Sergey Ryazanov wrote: > Zbtlink ZBT-WG1602 is a Wi-Fi router intendent to use with WWAN > (UMTS/LTE/3G/4G) modems. The router board offsers a couple of miniPCIe > slots with USB and SIM only and another one pure miniPCIe slot as well > as five Gigabit Ethernet ports (4xLAN + WAN). Could the devs invest some time and apply this, please? If anything is wrong with the patch, please, let me know. ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [PATCH] FritzBox-4040-UBOOT: Allow for easier devices recovery
11/23/21 12:20 PM, David Bauer: Hello Enrico, On 11/22/21 11:55, Enrico Mioso wrote: When flashing a broken kernel, or an image where failsafe mode is no more accessible, recoverying these devices can become needlessly painful. Allow for easier recovery by unconditionally trying to get an initramfs image over TFTP once before booting, thereby giving the user a chance to sysupgrade to a working image. As I've already explained, I don't like increasing the time necessary for the device to boot. Also, introducig such a method on a 4040 does not make sense, as its NOR flash can be rewritten from EVA. That being said, unconditionally requesting a bootable image over the network is a security risk in itself. I second that! Introducing a potential point of attack while having an easy way of recovery via the EVA bootloader, is a no go. Best regards Mathias NAND based ipq40xx boards from AVM also only allow connections to their bootloader on cold-boots for exactly this reason. For example, if an attacker is able to create a kernel-panic, your patch would enable him to modify the router in case he is on the same network. A Pushbutton TFTP procedure mitigates this problem, as it depends on the attacker having physical access to the device. Recovery is - for all boards - possible using the AVM recovery tool or manually patching the U-Boot and sideloading via EVA. So a network request for a boot image raises more problems than it tries to solve. Best David Signed-off-by: Enrico Mioso CC: Christian Lamparter CC: David Bauer --- Reasons for this patch: 1 - There are situations where it can be nice to recover a device without the AVM Recovery tool. In some cases the tool won't even be an option (as far as I know, it exists only for Windows, or am I wrong?). 2 - Since the effort of creating a second-stage bootloader for these devices has been carried out (thanks a lot for this!), I think it makes sense to allow for things to be more friendly to developers and users. Side effects: When nandboot fails, there will be TWO tftp requests with no delay between them, then the sleep will kick in. Possible "improvements": Implementing a push-button method may be preferred. Still, I have no easy way to attach an UART to the device right now. Moreover, being able to do this "more" remotely would be a vaulable feature to me. Enrico include/configs/fritz1200.h | 2 +- include/configs/fritz3000.h | 2 +- include/configs/fritz4040.h | 2 +- include/configs/fritz7530.h | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/configs/fritz1200.h b/include/configs/fritz1200.h index 90d5186..16152a3 100644 --- a/include/configs/fritz1200.h +++ b/include/configs/fritz1200.h @@ -23,7 +23,7 @@ "mtdparts=" MTDPARTS_DEFAULT "\0" \ "nandboot=ubi part ubi && ubi read 0x8500 kernel && bootm\0" \ "tftpboot=tftpboot && bootm; sleep 5; run tftpboot\0" \ - "fritzboot=run nandboot || run tftpboot;\0" \ + "fritzboot=tftpboot && bootm; run nandboot || run tftpboot;\0" \ #undef V_PROMPT #define V_PROMPT "(" CONFIG_MODEL ") # " diff --git a/include/configs/fritz3000.h b/include/configs/fritz3000.h index e383ffb..3440550 100644 --- a/include/configs/fritz3000.h +++ b/include/configs/fritz3000.h @@ -23,7 +23,7 @@ "mtdparts=" MTDPARTS_DEFAULT "\0" \ "nandboot=ubi part ubi && ubi read 0x8500 kernel && bootm\0" \ "tftpboot=tftpboot && bootm; sleep 5; run tftpboot\0" \ - "fritzboot=run nandboot || run tftpboot;\0" \ + "fritzboot=tftpboot && bootm; run nandboot || run tftpboot;\0" \ #undef V_PROMPT #define V_PROMPT "(" CONFIG_MODEL ") # " diff --git a/include/configs/fritz4040.h b/include/configs/fritz4040.h index 060afb0..582edfd 100644 --- a/include/configs/fritz4040.h +++ b/include/configs/fritz4040.h @@ -23,7 +23,7 @@ "mtdparts=" MTDPARTS_DEFAULT "\0" \ "nandboot=nboot firmware && bootm\0" \ "tftpboot=tftpsrv && bootm; sleep 5; run tftpboot\0" \ - "fritzboot=run nandboot || run tftpboot;\0" \ + "fritzboot=tftpboot && bootm; run nandboot || run tftpboot;\0" \ #undef V_PROMPT #define V_PROMPT "(" CONFIG_MODEL ") # " diff --git a/include/configs/fritz7530.h b/include/configs/fritz7530.h index b07ecfc..caecd5d 100644 --- a/include/configs/fritz7530.h +++ b/include/configs/fritz7530.h @@ -23,7 +23,7 @@ "mtdparts=" MTDPARTS_DEFAULT "\0" \ "nandboot=ubi part ubi && ubi read 0x8500 kernel && bootm\0" \ "tftpboot=tftpboot && bootm; sleep 5; run tftpboot\0" \ - "fritzboot=run nandboot || run tftpboot;\0" \ + "fritzboot=tftpboot && bootm; run nandboot || run tftpboot;\0" \ #undef V_PROMPT #define V_PROMPT "(" CONFIG_MODEL ") # " ___ openwrt-devel
[PATCH] procd: procd.sh: make no assumptions about init script path
Init scripts in /etc/init.d/ may be symlinks pointing elsewhere, so it is not safe to assume that the basename of the real path is existing. Instead of trying to reassemble the target path from the basename when setting up triggers, trust the result of readlink and fall back to `$initscript` which corresponds to `argv[0]` when readlink failed. This fixes reload trigger setup for init script symlinks that point to files with different base names. Signed-off-by: Jo-Philipp Wich --- package/system/procd/files/procd.sh | 10 -- 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/package/system/procd/files/procd.sh b/package/system/procd/files/procd.sh index 3549a5a914..5fc5441be0 100644 --- a/package/system/procd/files/procd.sh +++ b/package/system/procd/files/procd.sh @@ -299,11 +299,10 @@ _procd_add_interface_trigger() { } _procd_add_reload_interface_trigger() { - local script=$(readlink "$initscript") - local name=$(basename ${script:-$initscript}) + local script=$(readlink -f "$initscript") _procd_open_trigger - _procd_add_interface_trigger "interface.*" $1 /etc/init.d/$name reload + _procd_add_interface_trigger "interface.*" $1 "${script:-$initscript}" reload _procd_close_trigger } @@ -424,13 +423,12 @@ _procd_add_raw_trigger() { } _procd_add_reload_trigger() { - local script=$(readlink "$initscript") - local name=$(basename ${script:-$initscript}) + local script=$(readlink -f "$initscript") local file _procd_open_trigger for file in "$@"; do - _procd_add_config_trigger "config.change" "$file" /etc/init.d/$name reload + _procd_add_config_trigger "config.change" "$file" "${script:-$initscript}" reload done _procd_close_trigger } -- 2.30.2 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH] hostapd: allow hostapd under ujail to communicate with hostapd_cli
When procd-ujail is available, 1f785383875a runs hostapd as user "network", with only limited additional capabilities (CAP_NET_ADMIN and CAP_NET_RAW). hostapd_cli (CONFIG_PACKAGE_hostapd-utils) communicates with hostapd over a named UNIX-domain socket. hostapd_cli is responsible for creating this socket at /tmp/wpa_ctrl_$pid_$counter. Since it typically runs as root, this endpoint is normally created with uid root, gid root, mode 0755. As a result, hostapd running as uid network is able to receive control messages sent through this interface, but is not able to respond to them. If debug-level logging is enabled (CONFIG_WPA_MSG_MIN_PRIORITY <= 2 at build, and log_level <= 2 in /etc/config/wireless wifi-device), this message will appear from hostapd: CTRL: sendto failed: Permission denied As a fix, hostapd_cli should create the socket node in the filesystem with uid network, gid network, mode 0770. This borrows the presently Android-only strategy already in hostapd intended to solve the same problem on Android. If procd-ujail is not available and hostapd falls back to running as root, it will still be able to read from and write to the socket even if the node in the filesystem has been restricted to the network user and group. This matches the logic in package/network/services/hostapd/files/wpad.init, which sets the uid and gid of /var/run/hostapd to network regardless of whether procd-ujail is available. As it appears that the "network" user and group are statically allocated uid 101 and gid 101, respectively, per package/base-files/files/etc/passwd and USERID in package/network/services/hostapd/Makefile, this patch also uses a constant 101 for the uid and gid. Cc: Daniel Golle Signed-off-by: Mark Mentovai --- .../610-hostapd_cli_ujail_permission.patch| 57 +++ 1 file changed, 57 insertions(+) create mode 100644 package/network/services/hostapd/patches/610-hostapd_cli_ujail_permission.patch diff --git a/package/network/services/hostapd/patches/610-hostapd_cli_ujail_permission.patch b/package/network/services/hostapd/patches/610-hostapd_cli_ujail_permission.patch new file mode 100644 index ..88a08e2aad0e --- /dev/null +++ b/package/network/services/hostapd/patches/610-hostapd_cli_ujail_permission.patch @@ -0,0 +1,57 @@ +--- a/src/common/wpa_ctrl.c b/src/common/wpa_ctrl.c +@@ -130,29 +130,29 @@ + (int) getpid(), counter); + } + if (os_snprintf_error(sizeof(ctrl->local.sun_path), ret)) { + close(ctrl->s); + os_free(ctrl); + return NULL; + } + tries++; +-#ifdef ANDROID ++ + /* Set client socket file permissions so that bind() creates the client +* socket with these permissions and there is no need to try to change +* them with chmod() after bind() which would have potential issues with +* race conditions. These permissions are needed to make sure the server +* side (wpa_supplicant or hostapd) can reply to the control interface +* messages. +* +* The lchown() calls below after bind() are also part of the needed +* operations to allow the response to go through. Those are using the +* no-deference-symlinks version to avoid races. */ + fchmod(ctrl->s, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP); +-#endif /* ANDROID */ ++ + if (bind(ctrl->s, (struct sockaddr *) >local, + sizeof(ctrl->local)) < 0) { + if (errno == EADDRINUSE && tries < 2) { + /* +* getpid() returns unique identifier for this instance +* of wpa_ctrl, so the existing socket file must have +* been left by unclean termination of an earlier run. +* Remove the file and try again. +@@ -160,17 +160,21 @@ + unlink(ctrl->local.sun_path); + goto try_again; + } + close(ctrl->s); + os_free(ctrl); + return NULL; + } + +-#ifdef ANDROID ++#ifndef ANDROID ++ /* Set group even if we do not have privileges to change owner */ ++ lchown(ctrl->local.sun_path, -1, 101); ++ lchown(ctrl->local.sun_path, 101, 101); ++#else + /* Set group even if we do not have privileges to change owner */ + lchown(ctrl->local.sun_path, -1, AID_WIFI); + lchown(ctrl->local.sun_path, AID_SYSTEM, AID_WIFI); + + if (os_strncmp(ctrl_path, "@android:", 9) == 0) { + if (socket_local_client_connect( + ctrl->s, ctrl_path + 9, + ANDROID_SOCKET_NAMESPACE_RESERVED, -- 2.32.0 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [PATCH] FritzBox-4040-UBOOT: Allow for easier devices recovery
Hello all!! thanks for taking a look at this patch! On Tue, 23 Nov 2021, David Bauer wrote: Date: Tue, 23 Nov 2021 12:20:08 From: David Bauer To: Enrico Mioso Cc: Christian Lamparter , OpenWrt Development List Subject: Re: [PATCH] FritzBox-4040-UBOOT: Allow for easier devices recovery Hello Enrico, On 11/22/21 11:55, Enrico Mioso wrote: When flashing a broken kernel, or an image where failsafe mode is no more accessible, recoverying these devices can become needlessly painful. Allow for easier recovery by unconditionally trying to get an initramfs image over TFTP once before booting, thereby giving the user a chance to sysupgrade to a working image. As I've already explained, I don't like increasing the time necessary for the device to boot. I think there are some balances to be made here. Booting Windows doesn't take less time, if access to a Windows installation is at all possible. :) Also, introducig such a method on a 4040 does not make sense, as its NOR flash can be rewritten from EVA. I am open to change this patch, but I think the feature is really needed here. That being said, unconditionally requesting a bootable image over the network is a security risk in itself. NAND based ipq40xx boards from AVM also only allow connections to their bootloader on cold-boots for exactly this reason. Good point. Still, implementing a push-button process would be a little bit complicated for me. Any help would be greatly apreciated in this regard. For example, if an attacker is able to create a kernel-panic, your patch would enable him to modify the router in case he is on the same network. A Pushbutton TFTP procedure mitigates this problem, as it depends on the attacker having physical access to the device. Recovery is - for all boards - possible using the AVM recovery tool or manually patching the U-Boot and sideloading via EVA. So a network request for a boot image raises more problems than it tries to solve. Yes, sideloading is definitely an option, for sure. Still, I think we are being too user unfriendly here for no good reason. Maybe we can find a middleground here? I don't think this patch is the ideal solution, but I think there should be an easier way to recover a device, especially when it depends on "our" code. Best David Signed-off-by: Enrico Mioso CC: Christian Lamparter CC: David Bauer --- Reasons for this patch: 1 - There are situations where it can be nice to recover a device without the AVM Recovery tool. In some cases the tool won't even be an option (as far as I know, it exists only for Windows, or am I wrong?). 2 - Since the effort of creating a second-stage bootloader for these devices has been carried out (thanks a lot for this!), I think it makes sense to allow for things to be more friendly to developers and users. Side effects: When nandboot fails, there will be TWO tftp requests with no delay between them, then the sleep will kick in. Possible "improvements": Implementing a push-button method may be preferred. Still, I have no easy way to attach an UART to the device right now. Moreover, being able to do this "more" remotely would be a vaulable feature to me. Enrico include/configs/fritz1200.h | 2 +- include/configs/fritz3000.h | 2 +- include/configs/fritz4040.h | 2 +- include/configs/fritz7530.h | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/configs/fritz1200.h b/include/configs/fritz1200.h index 90d5186..16152a3 100644 --- a/include/configs/fritz1200.h +++ b/include/configs/fritz1200.h @@ -23,7 +23,7 @@ "mtdparts=" MTDPARTS_DEFAULT "\0" \ "nandboot=ubi part ubi && ubi read 0x8500 kernel && bootm\0" \ "tftpboot=tftpboot && bootm; sleep 5; run tftpboot\0" \ - "fritzboot=run nandboot || run tftpboot;\0" \ + "fritzboot=tftpboot && bootm; run nandboot || run tftpboot;\0" \ #undef V_PROMPT #define V_PROMPT "(" CONFIG_MODEL ") # " diff --git a/include/configs/fritz3000.h b/include/configs/fritz3000.h index e383ffb..3440550 100644 --- a/include/configs/fritz3000.h +++ b/include/configs/fritz3000.h @@ -23,7 +23,7 @@ "mtdparts=" MTDPARTS_DEFAULT "\0" \ "nandboot=ubi part ubi && ubi read 0x8500 kernel && bootm\0" \ "tftpboot=tftpboot && bootm; sleep 5; run tftpboot\0" \ - "fritzboot=run nandboot || run tftpboot;\0" \ + "fritzboot=tftpboot && bootm; run nandboot || run tftpboot;\0" \ #undef V_PROMPT #define V_PROMPT "(" CONFIG_MODEL ") # " diff --git a/include/configs/fritz4040.h b/include/configs/fritz4040.h index 060afb0..582edfd 100644 --- a/include/configs/fritz4040.h +++ b/include/configs/fritz4040.h @@ -23,7 +23,7 @@ "mtdparts=" MTDPARTS_DEFAULT "\0" \ "nandboot=nboot firmware && bootm\0" \ "tftpboot=tftpsrv && bootm; sleep 5; run tftpboot\0" \ -
Re: [PATCH] FritzBox-4040-UBOOT: Allow for easier devices recovery
Hello Enrico, On 11/22/21 11:55, Enrico Mioso wrote: When flashing a broken kernel, or an image where failsafe mode is no more accessible, recoverying these devices can become needlessly painful. Allow for easier recovery by unconditionally trying to get an initramfs image over TFTP once before booting, thereby giving the user a chance to sysupgrade to a working image. As I've already explained, I don't like increasing the time necessary for the device to boot. Also, introducig such a method on a 4040 does not make sense, as its NOR flash can be rewritten from EVA. That being said, unconditionally requesting a bootable image over the network is a security risk in itself. NAND based ipq40xx boards from AVM also only allow connections to their bootloader on cold-boots for exactly this reason. For example, if an attacker is able to create a kernel-panic, your patch would enable him to modify the router in case he is on the same network. A Pushbutton TFTP procedure mitigates this problem, as it depends on the attacker having physical access to the device. Recovery is - for all boards - possible using the AVM recovery tool or manually patching the U-Boot and sideloading via EVA. So a network request for a boot image raises more problems than it tries to solve. Best David Signed-off-by: Enrico Mioso CC: Christian Lamparter CC: David Bauer --- Reasons for this patch: 1 - There are situations where it can be nice to recover a device without the AVM Recovery tool. In some cases the tool won't even be an option (as far as I know, it exists only for Windows, or am I wrong?). 2 - Since the effort of creating a second-stage bootloader for these devices has been carried out (thanks a lot for this!), I think it makes sense to allow for things to be more friendly to developers and users. Side effects: When nandboot fails, there will be TWO tftp requests with no delay between them, then the sleep will kick in. Possible "improvements": Implementing a push-button method may be preferred. Still, I have no easy way to attach an UART to the device right now. Moreover, being able to do this "more" remotely would be a vaulable feature to me. Enrico include/configs/fritz1200.h | 2 +- include/configs/fritz3000.h | 2 +- include/configs/fritz4040.h | 2 +- include/configs/fritz7530.h | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/configs/fritz1200.h b/include/configs/fritz1200.h index 90d5186..16152a3 100644 --- a/include/configs/fritz1200.h +++ b/include/configs/fritz1200.h @@ -23,7 +23,7 @@ "mtdparts=" MTDPARTS_DEFAULT "\0" \ "nandboot=ubi part ubi && ubi read 0x8500 kernel && bootm\0" \ "tftpboot=tftpboot && bootm; sleep 5; run tftpboot\0" \ - "fritzboot=run nandboot || run tftpboot;\0" \ + "fritzboot=tftpboot && bootm; run nandboot || run tftpboot;\0" \ #undef V_PROMPT #define V_PROMPT "(" CONFIG_MODEL ") # " diff --git a/include/configs/fritz3000.h b/include/configs/fritz3000.h index e383ffb..3440550 100644 --- a/include/configs/fritz3000.h +++ b/include/configs/fritz3000.h @@ -23,7 +23,7 @@ "mtdparts=" MTDPARTS_DEFAULT "\0" \ "nandboot=ubi part ubi && ubi read 0x8500 kernel && bootm\0" \ "tftpboot=tftpboot && bootm; sleep 5; run tftpboot\0" \ - "fritzboot=run nandboot || run tftpboot;\0" \ + "fritzboot=tftpboot && bootm; run nandboot || run tftpboot;\0" \ #undef V_PROMPT #define V_PROMPT "(" CONFIG_MODEL ") # " diff --git a/include/configs/fritz4040.h b/include/configs/fritz4040.h index 060afb0..582edfd 100644 --- a/include/configs/fritz4040.h +++ b/include/configs/fritz4040.h @@ -23,7 +23,7 @@ "mtdparts=" MTDPARTS_DEFAULT "\0" \ "nandboot=nboot firmware && bootm\0" \ "tftpboot=tftpsrv && bootm; sleep 5; run tftpboot\0" \ - "fritzboot=run nandboot || run tftpboot;\0" \ + "fritzboot=tftpboot && bootm; run nandboot || run tftpboot;\0" \ #undef V_PROMPT #define V_PROMPT "(" CONFIG_MODEL ") # " diff --git a/include/configs/fritz7530.h b/include/configs/fritz7530.h index b07ecfc..caecd5d 100644 --- a/include/configs/fritz7530.h +++ b/include/configs/fritz7530.h @@ -23,7 +23,7 @@ "mtdparts=" MTDPARTS_DEFAULT "\0" \ "nandboot=ubi part ubi && ubi read 0x8500 kernel && bootm\0" \ "tftpboot=tftpboot && bootm; sleep 5; run tftpboot\0" \ - "fritzboot=run nandboot || run tftpboot;\0" \ + "fritzboot=tftpboot && bootm; run nandboot || run tftpboot;\0" \ #undef V_PROMPT #define V_PROMPT "(" CONFIG_MODEL ") # " ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org