root password

[deathkill]

would setting a password for root be a bad idea?
iow, would it break things?

[f0x0r]

Why would you want to? Are you afraid someone is going to hack your A780?

[peter_1580]

Hi,
I think we don't get write permission on the /etc ( I just tried to create /etc/defaultrouter - it didn't work) directory -> you can't set root PW. or maybe existing files can be edited. Try it out!

Bye,
Peter

[samr7]

Files in /etc reside on the root filesystem. This is formatted as a cramfs volume -- compressed RAM filesystem. Perhaps slightly misnamed, it is by nature read-only and the only way to alter files is to recreate the whole filesystem image.

There are a few hacks that might improve the situation. Mack has a unionfs mod under development that supports an overlay concept. Another method is to re-create the root filesystem with files you want modifiable as symlinks to a writable filesystem (/tmp, /diska, /ezxlocal), but you'd also have to ensure that the targets exist.

The password thing seems like a minor concern. A successful hack could only be done when telnetd was running, and would have to come from one of the addresses in /etc/hosts.allow -- limited to 169.254.* and 192.168.1.* in my firmware. This seems quite secure, except for the possibility of a malicious GPRS service provider, who could choose one of those address ranges for PPP and root your phone over the air.

[mack]

Indeed, one of the first things I did once I got unionfs running, was to set a passwd for root, and also create another acct with an actual homedir and everything.

As for /etc/hosts.allow, I think only telnetd consults it. The real problem is smbd. It doesn't consult the normal passwd file and just allows full access to everything. I messed with its config file as well, but decided to use iptables to block it from the GPRS interface and from any IP but my laptop anyway.

If anyone familiar with samba could post a config file that consults a passwd file and doesn't allow guest access, it would be a good addition.

[peter_1580]

Samba:

there can be other authentication methods set in smb.conf:
security = user
smb passwd file = path_to_your_smbpasswd_file
Anyway, I would suggest to create a non privileged user, set smb.conf "allow user" option to let only this user to connect, and "force user" to this user as well, just to protect the system files from overwite.
You can use the "bind interfaces only" parameter (global) as well, to restrict access.

Bye,
Peter

[deathkill]

why would i want to set a root password?
i'm not so much worried about being hacked over some network,
my concern rather is the fact that contrary to a server in a rack behind several locked doors, this phone is in my pocket.

just want to make it harder for the person that might steal it i guess.

[mack]

peter_1580, thanks for the tip. Feels much better now.

deathkill: If your purpose is to make life harder on a thief who steals your phone, there are much better things you can do besides setting a root passwd. Lets just say that if someone steals my phone and is stupid enough to boot it with his own SIM and let it connect to the network, he'll be sorry he did. It'll cost him much more than the price of the phone...

[drait]

Lets just say that if someone steals my phone and is stupid enough to boot it with his own SIM and let it connect to the network, he'll be sorry he did. It'll cost him much more than the price of the phone...

Are you saying that you've got some kind of nifty anti-phone jacking feature(s) that activate upon insertion of an unrecognized SIM? That's awesome Please enlighten us!

One neat feature that I miss from my Nokia 9500 was the remote locking via SMS. In the unfortunate event of a phone theft/loss, you could text your phone a preset password and upon receipt, it would lock the device permanently with your PIN and also text you back letting you know it was successful. At the very least, you could rest easy knowing whoever found/jacked your $700 Communicator couldn't even use it in WiFi-only mode