[CentOS] Re: centos] GSM back door to shell with Centos and Palm handhelds
R P Herrold
herrold at owlriver.com
Tue Aug 8 21:22:39 UTC 2006
On Tue, 8 Aug 2006, J.J. Garcia wrote:
> First, this motorolla has an usb interface to the host, it's quite
> simple to attach the phone to the host running CentOs, i dont like very
> much usb 'things' but things are like this... anyway, if you do so
> Then, in /dev you will have:
>
> [root at spoolbox crash]# l /dev/ttyACM0
> crw------- 1 root root 166, 0 ago 8 20:54 /dev/ttyACM0
yes - USB devices are nasty, and the PPPD has to manage serial
devices as root.
Pretty definitionally, one has to have physical access to a
host to plug a USB device into it -- the site admin (at least
in the BIOS' I have deployed commercially) can, but may not
have chosen to, disable USB devices, non-hard drive boot
devices, etc., and so a local (mis)configuration may result in
escalated privs.
Of course the admin may not have put a cable lock through the
Kensington lock port, or an end user could bash in a plastic
dress plate to pull out a HD and mount it on a nearby box with
a live CD, even if the admin did.
Remote roots are interesting; local accounts escalation less
so; physically available hosts not so much.
It was a fun report to see, and I would encourage upstreaming
it to Red Hat.
- Russ Herrold
More information about the CentOS
mailing list