Re: [PATCH] ramips: add support for Zbtlink ZBT-WG1602
On Tue, Nov 16, 2021 at 1:09 PM Sergey Ryazanov wrote: > Zbtlink ZBT-WG1602 is a Wi-Fi router intendent to use with WWAN > (UMTS/LTE/3G/4G) modems. The router board offsers a couple of miniPCIe > slots with USB and SIM only and another one pure miniPCIe slot as well > as five Gigabit Ethernet ports (4xLAN + WAN). Could the devs invest some time and apply this, please? If anything is wrong with the patch, please, let me know. ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [PATCH] FritzBox-4040-UBOOT: Allow for easier devices recovery
11/23/21 12:20 PM, David Bauer:
Hello Enrico,
On 11/22/21 11:55, Enrico Mioso wrote:
When flashing a broken kernel, or an image where failsafe mode is no
more accessible, recoverying these devices can become needlessly painful.
Allow for easier recovery by unconditionally trying to get an
initramfs image over TFTP once before booting, thereby giving the user
a chance to sysupgrade to a working image.
As I've already explained, I don't like increasing the time necessary
for the device to boot.
Also, introducig such a method on a 4040 does not make sense, as its NOR
flash can be rewritten
from EVA.
That being said, unconditionally requesting a bootable image over the
network is a security
risk in itself.
I second that! Introducing a potential point of attack while having an
easy way of recovery via the EVA bootloader, is a no go.
Best regards
Mathias
NAND based ipq40xx boards from AVM also only allow
connections to their
bootloader on cold-boots for exactly this reason.
For example, if an attacker is able to create a kernel-panic, your patch
would enable him
to modify the router in case he is on the same network. A Pushbutton
TFTP procedure mitigates
this problem, as it depends on the attacker having physical access to
the device.
Recovery is - for all boards - possible using the AVM recovery tool or
manually patching the
U-Boot and sideloading via EVA. So a network request for a boot image
raises more problems than
it tries to solve.
Best
David
Signed-off-by: Enrico Mioso
CC: Christian Lamparter
CC: David Bauer
---
Reasons for this patch:
1 - There are situations where it can be nice to recover a device
without the AVM Recovery tool. In some cases the tool won't even be an
option (as far as I know, it exists only for Windows, or am I wrong?).
2 - Since the effort of creating a second-stage bootloader for these
devices has been carried out (thanks a lot for this!), I think it
makes sense to allow for things to be more friendly to developers and
users.
Side effects:
When nandboot fails, there will be TWO tftp requests with no delay
between them, then the sleep will kick in.
Possible "improvements":
Implementing a push-button method may be preferred. Still, I have no
easy way to attach an UART to the device right now.
Moreover, being able to do this "more" remotely would be a vaulable
feature to me.
Enrico
include/configs/fritz1200.h | 2 +-
include/configs/fritz3000.h | 2 +-
include/configs/fritz4040.h | 2 +-
include/configs/fritz7530.h | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/include/configs/fritz1200.h b/include/configs/fritz1200.h
index 90d5186..16152a3 100644
--- a/include/configs/fritz1200.h
+++ b/include/configs/fritz1200.h
@@ -23,7 +23,7 @@
"mtdparts=" MTDPARTS_DEFAULT "\0" \
"nandboot=ubi part ubi && ubi read 0x8500 kernel &&
bootm\0" \
"tftpboot=tftpboot && bootm; sleep 5; run tftpboot\0" \
- "fritzboot=run nandboot || run tftpboot;\0" \
+ "fritzboot=tftpboot && bootm; run nandboot || run
tftpboot;\0" \
#undef V_PROMPT
#define V_PROMPT "(" CONFIG_MODEL ") # "
diff --git a/include/configs/fritz3000.h b/include/configs/fritz3000.h
index e383ffb..3440550 100644
--- a/include/configs/fritz3000.h
+++ b/include/configs/fritz3000.h
@@ -23,7 +23,7 @@
"mtdparts=" MTDPARTS_DEFAULT "\0" \
"nandboot=ubi part ubi && ubi read 0x8500 kernel &&
bootm\0" \
"tftpboot=tftpboot && bootm; sleep 5; run tftpboot\0" \
- "fritzboot=run nandboot || run tftpboot;\0" \
+ "fritzboot=tftpboot && bootm; run nandboot || run
tftpboot;\0" \
#undef V_PROMPT
#define V_PROMPT "(" CONFIG_MODEL ") # "
diff --git a/include/configs/fritz4040.h b/include/configs/fritz4040.h
index 060afb0..582edfd 100644
--- a/include/configs/fritz4040.h
+++ b/include/configs/fritz4040.h
@@ -23,7 +23,7 @@
"mtdparts=" MTDPARTS_DEFAULT "\0" \
"nandboot=nboot firmware && bootm\0" \
"tftpboot=tftpsrv && bootm; sleep 5; run tftpboot\0" \
- "fritzboot=run nandboot || run tftpboot;\0" \
+ "fritzboot=tftpboot && bootm; run nandboot || run
tftpboot;\0" \
#undef V_PROMPT
#define V_PROMPT "(" CONFIG_MODEL ") # "
diff --git a/include/configs/fritz7530.h b/include/configs/fritz7530.h
index b07ecfc..caecd5d 100644
--- a/include/configs/fritz7530.h
+++ b/include/configs/fritz7530.h
@@ -23,7 +23,7 @@
"mtdparts=" MTDPARTS_DEFAULT "\0" \
"nandboot=ubi part ubi && ubi read 0x8500 kernel &&
bootm\0" \
"tftpboot=tftpboot && bootm; sleep 5; run tftpboot\0" \
- "fritzboot=run nandboot || run tftpboot;\0" \
+ "fritzboot=tftpboot && bootm; run nandboot || run
tftpboot;\0" \
#undef V_PROMPT
#define V_PROMPT "(" CONFIG_MODEL ") # "
___
openwrt-devel
[PATCH] procd: procd.sh: make no assumptions about init script path
Init scripts in /etc/init.d/ may be symlinks pointing elsewhere, so it
is not safe to assume that the basename of the real path is existing.
Instead of trying to reassemble the target path from the basename when
setting up triggers, trust the result of readlink and fall back to
`$initscript` which corresponds to `argv[0]` when readlink failed.
This fixes reload trigger setup for init script symlinks that point
to files with different base names.
Signed-off-by: Jo-Philipp Wich
---
package/system/procd/files/procd.sh | 10 --
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/package/system/procd/files/procd.sh
b/package/system/procd/files/procd.sh
index 3549a5a914..5fc5441be0 100644
--- a/package/system/procd/files/procd.sh
+++ b/package/system/procd/files/procd.sh
@@ -299,11 +299,10 @@ _procd_add_interface_trigger() {
}
_procd_add_reload_interface_trigger() {
- local script=$(readlink "$initscript")
- local name=$(basename ${script:-$initscript})
+ local script=$(readlink -f "$initscript")
_procd_open_trigger
- _procd_add_interface_trigger "interface.*" $1 /etc/init.d/$name reload
+ _procd_add_interface_trigger "interface.*" $1 "${script:-$initscript}"
reload
_procd_close_trigger
}
@@ -424,13 +423,12 @@ _procd_add_raw_trigger() {
}
_procd_add_reload_trigger() {
- local script=$(readlink "$initscript")
- local name=$(basename ${script:-$initscript})
+ local script=$(readlink -f "$initscript")
local file
_procd_open_trigger
for file in "$@"; do
- _procd_add_config_trigger "config.change" "$file"
/etc/init.d/$name reload
+ _procd_add_config_trigger "config.change" "$file"
"${script:-$initscript}" reload
done
_procd_close_trigger
}
--
2.30.2
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH] hostapd: allow hostapd under ujail to communicate with hostapd_cli
When procd-ujail is available, 1f785383875a runs hostapd as user
"network", with only limited additional capabilities (CAP_NET_ADMIN and
CAP_NET_RAW).
hostapd_cli (CONFIG_PACKAGE_hostapd-utils) communicates with hostapd
over a named UNIX-domain socket. hostapd_cli is responsible for creating
this socket at /tmp/wpa_ctrl_$pid_$counter. Since it typically runs as
root, this endpoint is normally created with uid root, gid root, mode
0755. As a result, hostapd running as uid network is able to receive
control messages sent through this interface, but is not able to respond
to them. If debug-level logging is enabled (CONFIG_WPA_MSG_MIN_PRIORITY
<= 2 at build, and log_level <= 2 in /etc/config/wireless wifi-device),
this message will appear from hostapd:
CTRL: sendto failed: Permission denied
As a fix, hostapd_cli should create the socket node in the filesystem
with uid network, gid network, mode 0770. This borrows the presently
Android-only strategy already in hostapd intended to solve the same
problem on Android.
If procd-ujail is not available and hostapd falls back to running as
root, it will still be able to read from and write to the socket even if
the node in the filesystem has been restricted to the network user and
group. This matches the logic in
package/network/services/hostapd/files/wpad.init, which sets the uid and
gid of /var/run/hostapd to network regardless of whether procd-ujail is
available.
As it appears that the "network" user and group are statically allocated
uid 101 and gid 101, respectively, per
package/base-files/files/etc/passwd and USERID in
package/network/services/hostapd/Makefile, this patch also uses a
constant 101 for the uid and gid.
Cc: Daniel Golle
Signed-off-by: Mark Mentovai
---
.../610-hostapd_cli_ujail_permission.patch| 57 +++
1 file changed, 57 insertions(+)
create mode 100644
package/network/services/hostapd/patches/610-hostapd_cli_ujail_permission.patch
diff --git
a/package/network/services/hostapd/patches/610-hostapd_cli_ujail_permission.patch
b/package/network/services/hostapd/patches/610-hostapd_cli_ujail_permission.patch
new file mode 100644
index ..88a08e2aad0e
--- /dev/null
+++
b/package/network/services/hostapd/patches/610-hostapd_cli_ujail_permission.patch
@@ -0,0 +1,57 @@
+--- a/src/common/wpa_ctrl.c
b/src/common/wpa_ctrl.c
+@@ -130,29 +130,29 @@
+ (int) getpid(), counter);
+ }
+ if (os_snprintf_error(sizeof(ctrl->local.sun_path), ret)) {
+ close(ctrl->s);
+ os_free(ctrl);
+ return NULL;
+ }
+ tries++;
+-#ifdef ANDROID
++
+ /* Set client socket file permissions so that bind() creates the client
+* socket with these permissions and there is no need to try to change
+* them with chmod() after bind() which would have potential issues with
+* race conditions. These permissions are needed to make sure the server
+* side (wpa_supplicant or hostapd) can reply to the control interface
+* messages.
+*
+* The lchown() calls below after bind() are also part of the needed
+* operations to allow the response to go through. Those are using the
+* no-deference-symlinks version to avoid races. */
+ fchmod(ctrl->s, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
+-#endif /* ANDROID */
++
+ if (bind(ctrl->s, (struct sockaddr *) >local,
+ sizeof(ctrl->local)) < 0) {
+ if (errno == EADDRINUSE && tries < 2) {
+ /*
+* getpid() returns unique identifier for this instance
+* of wpa_ctrl, so the existing socket file must have
+* been left by unclean termination of an earlier run.
+* Remove the file and try again.
+@@ -160,17 +160,21 @@
+ unlink(ctrl->local.sun_path);
+ goto try_again;
+ }
+ close(ctrl->s);
+ os_free(ctrl);
+ return NULL;
+ }
+
+-#ifdef ANDROID
++#ifndef ANDROID
++ /* Set group even if we do not have privileges to change owner */
++ lchown(ctrl->local.sun_path, -1, 101);
++ lchown(ctrl->local.sun_path, 101, 101);
++#else
+ /* Set group even if we do not have privileges to change owner */
+ lchown(ctrl->local.sun_path, -1, AID_WIFI);
+ lchown(ctrl->local.sun_path, AID_SYSTEM, AID_WIFI);
+
+ if (os_strncmp(ctrl_path, "@android:", 9) == 0) {
+ if (socket_local_client_connect(
+ ctrl->s, ctrl_path + 9,
+ ANDROID_SOCKET_NAMESPACE_RESERVED,
--
2.32.0
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [PATCH] FritzBox-4040-UBOOT: Allow for easier devices recovery
Hello all!!
thanks for taking a look at this patch!
On Tue, 23 Nov 2021, David Bauer wrote:
Date: Tue, 23 Nov 2021 12:20:08
From: David Bauer
To: Enrico Mioso
Cc: Christian Lamparter ,
OpenWrt Development List
Subject: Re: [PATCH] FritzBox-4040-UBOOT: Allow for easier devices recovery
Hello Enrico,
On 11/22/21 11:55, Enrico Mioso wrote:
When flashing a broken kernel, or an image where failsafe mode is no more
accessible, recoverying these devices can become needlessly painful.
Allow for easier recovery by unconditionally trying to get an initramfs
image over TFTP once before booting, thereby giving the user a chance to
sysupgrade to a working image.
As I've already explained, I don't like increasing the time necessary for the
device to boot.
I think there are some balances to be made here. Booting Windows doesn't take
less time, if access to a Windows installation is at all possible. :)
Also, introducig such a method on a 4040 does not make sense, as its NOR
flash can be rewritten
from EVA.
I am open to change this patch, but I think the feature is really needed here.
That being said, unconditionally requesting a bootable image over the network
is a security
risk in itself. NAND based ipq40xx boards from AVM also only allow
connections to their
bootloader on cold-boots for exactly this reason.
Good point. Still, implementing a push-button process would be a little bit
complicated for me. Any help would be greatly apreciated in this regard.
For example, if an attacker is able to create a kernel-panic, your patch
would enable him
to modify the router in case he is on the same network. A Pushbutton TFTP
procedure mitigates
this problem, as it depends on the attacker having physical access to the
device.
Recovery is - for all boards - possible using the AVM recovery tool or
manually patching the
U-Boot and sideloading via EVA. So a network request for a boot image raises
more problems than
it tries to solve.
Yes, sideloading is definitely an option, for sure. Still, I think we are being
too user unfriendly here for no good reason.
Maybe we can find a middleground here?
I don't think this patch is the ideal solution, but I think there should be an easier way
to recover a device, especially when it depends on "our" code.
Best
David
Signed-off-by: Enrico Mioso
CC: Christian Lamparter
CC: David Bauer
---
Reasons for this patch:
1 - There are situations where it can be nice to recover a device without
the AVM Recovery tool. In some cases the tool won't even be an option (as
far as I know, it exists only for Windows, or am I wrong?).
2 - Since the effort of creating a second-stage bootloader for these
devices has been carried out (thanks a lot for this!), I think it makes
sense to allow for things to be more friendly to developers and users.
Side effects:
When nandboot fails, there will be TWO tftp requests with no delay between
them, then the sleep will kick in.
Possible "improvements":
Implementing a push-button method may be preferred. Still, I have no easy
way to attach an UART to the device right now.
Moreover, being able to do this "more" remotely would be a vaulable feature
to me.
Enrico
include/configs/fritz1200.h | 2 +-
include/configs/fritz3000.h | 2 +-
include/configs/fritz4040.h | 2 +-
include/configs/fritz7530.h | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/include/configs/fritz1200.h b/include/configs/fritz1200.h
index 90d5186..16152a3 100644
--- a/include/configs/fritz1200.h
+++ b/include/configs/fritz1200.h
@@ -23,7 +23,7 @@
"mtdparts=" MTDPARTS_DEFAULT "\0" \
"nandboot=ubi part ubi && ubi read 0x8500 kernel && bootm\0"
\
"tftpboot=tftpboot && bootm; sleep 5; run tftpboot\0" \
- "fritzboot=run nandboot || run tftpboot;\0" \
+ "fritzboot=tftpboot && bootm; run nandboot || run tftpboot;\0"
\
#undef V_PROMPT
#define V_PROMPT "(" CONFIG_MODEL ") # "
diff --git a/include/configs/fritz3000.h b/include/configs/fritz3000.h
index e383ffb..3440550 100644
--- a/include/configs/fritz3000.h
+++ b/include/configs/fritz3000.h
@@ -23,7 +23,7 @@
"mtdparts=" MTDPARTS_DEFAULT "\0" \
"nandboot=ubi part ubi && ubi read 0x8500 kernel && bootm\0"
\
"tftpboot=tftpboot && bootm; sleep 5; run tftpboot\0" \
- "fritzboot=run nandboot || run tftpboot;\0" \
+ "fritzboot=tftpboot && bootm; run nandboot || run tftpboot;\0"
\
#undef V_PROMPT
#define V_PROMPT "(" CONFIG_MODEL ") # "
diff --git a/include/configs/fritz4040.h b/include/configs/fritz4040.h
index 060afb0..582edfd 100644
--- a/include/configs/fritz4040.h
+++ b/include/configs/fritz4040.h
@@ -23,7 +23,7 @@
"mtdparts=" MTDPARTS_DEFAULT "\0" \
"nandboot=nboot firmware && bootm\0" \
"tftpboot=tftpsrv && bootm; sleep 5; run tftpboot\0" \
-
Re: [PATCH] FritzBox-4040-UBOOT: Allow for easier devices recovery
Hello Enrico,
On 11/22/21 11:55, Enrico Mioso wrote:
When flashing a broken kernel, or an image where failsafe mode is no more
accessible, recoverying these devices can become needlessly painful.
Allow for easier recovery by unconditionally trying to get an initramfs image
over TFTP once before booting, thereby giving the user a chance to sysupgrade
to a working image.
As I've already explained, I don't like increasing the time necessary for the
device to boot.
Also, introducig such a method on a 4040 does not make sense, as its NOR flash
can be rewritten
from EVA.
That being said, unconditionally requesting a bootable image over the network
is a security
risk in itself. NAND based ipq40xx boards from AVM also only allow connections
to their
bootloader on cold-boots for exactly this reason.
For example, if an attacker is able to create a kernel-panic, your patch would
enable him
to modify the router in case he is on the same network. A Pushbutton TFTP
procedure mitigates
this problem, as it depends on the attacker having physical access to the
device.
Recovery is - for all boards - possible using the AVM recovery tool or manually
patching the
U-Boot and sideloading via EVA. So a network request for a boot image raises
more problems than
it tries to solve.
Best
David
Signed-off-by: Enrico Mioso
CC: Christian Lamparter
CC: David Bauer
---
Reasons for this patch:
1 - There are situations where it can be nice to recover a device without the
AVM Recovery tool. In some cases the tool won't even be an option (as far as I
know, it exists only for Windows, or am I wrong?).
2 - Since the effort of creating a second-stage bootloader for these devices
has been carried out (thanks a lot for this!), I think it makes sense to allow
for things to be more friendly to developers and users.
Side effects:
When nandboot fails, there will be TWO tftp requests with no delay between
them, then the sleep will kick in.
Possible "improvements":
Implementing a push-button method may be preferred. Still, I have no easy way
to attach an UART to the device right now.
Moreover, being able to do this "more" remotely would be a vaulable feature to
me.
Enrico
include/configs/fritz1200.h | 2 +-
include/configs/fritz3000.h | 2 +-
include/configs/fritz4040.h | 2 +-
include/configs/fritz7530.h | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/include/configs/fritz1200.h b/include/configs/fritz1200.h
index 90d5186..16152a3 100644
--- a/include/configs/fritz1200.h
+++ b/include/configs/fritz1200.h
@@ -23,7 +23,7 @@
"mtdparts=" MTDPARTS_DEFAULT "\0" \
"nandboot=ubi part ubi && ubi read 0x8500 kernel && bootm\0" \
"tftpboot=tftpboot && bootm; sleep 5; run tftpboot\0" \
- "fritzboot=run nandboot || run tftpboot;\0" \
+ "fritzboot=tftpboot && bootm; run nandboot || run tftpboot;\0"
\
#undef V_PROMPT
#define V_PROMPT "(" CONFIG_MODEL ") # "
diff --git a/include/configs/fritz3000.h b/include/configs/fritz3000.h
index e383ffb..3440550 100644
--- a/include/configs/fritz3000.h
+++ b/include/configs/fritz3000.h
@@ -23,7 +23,7 @@
"mtdparts=" MTDPARTS_DEFAULT "\0" \
"nandboot=ubi part ubi && ubi read 0x8500 kernel && bootm\0" \
"tftpboot=tftpboot && bootm; sleep 5; run tftpboot\0" \
- "fritzboot=run nandboot || run tftpboot;\0" \
+ "fritzboot=tftpboot && bootm; run nandboot || run tftpboot;\0"
\
#undef V_PROMPT
#define V_PROMPT "(" CONFIG_MODEL ") # "
diff --git a/include/configs/fritz4040.h b/include/configs/fritz4040.h
index 060afb0..582edfd 100644
--- a/include/configs/fritz4040.h
+++ b/include/configs/fritz4040.h
@@ -23,7 +23,7 @@
"mtdparts=" MTDPARTS_DEFAULT "\0" \
"nandboot=nboot firmware && bootm\0" \
"tftpboot=tftpsrv && bootm; sleep 5; run tftpboot\0" \
- "fritzboot=run nandboot || run tftpboot;\0" \
+ "fritzboot=tftpboot && bootm; run nandboot || run tftpboot;\0"
\
#undef V_PROMPT
#define V_PROMPT "(" CONFIG_MODEL ") # "
diff --git a/include/configs/fritz7530.h b/include/configs/fritz7530.h
index b07ecfc..caecd5d 100644
--- a/include/configs/fritz7530.h
+++ b/include/configs/fritz7530.h
@@ -23,7 +23,7 @@
"mtdparts=" MTDPARTS_DEFAULT "\0" \
"nandboot=ubi part ubi && ubi read 0x8500 kernel && bootm\0" \
"tftpboot=tftpboot && bootm; sleep 5; run tftpboot\0" \
- "fritzboot=run nandboot || run tftpboot;\0" \
+ "fritzboot=tftpboot && bootm; run nandboot || run tftpboot;\0"
\
#undef V_PROMPT
#define V_PROMPT "(" CONFIG_MODEL ") # "
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
