Shell out tour
Wed, 08 Aug 2018 12:51:52 +0000
Nothing to show this week. I have more or less proved to my own satisfaction that I can reboot into a new image using kexec and a small C program and some shell scripts. This came at considerable personal mental cost, but that's what happens when trying to do text processing in a Bourne shell (not bash) script without falling back on awk or sed (not installed). Associative arrays would have been nice. Actually, just arrays in general would have been a help.
The C program is called writemem and is approximately the moral equivalent of cat | dd seek=N of=/dev/mem bs=1, except that it writes in blocks bigger than 1 byte. Just the kind of thing your security auditor wants to find left lying around on random systems, yeah. I can see a need for some proper thought on security posture in the near future: although no-web-interface and ssh-only-with-a-pubkey-embedded-at-build-time probably makes it less of a target than any consumer D-Linksysgear box in its default configuration, there's probably still a lot more to do on that front. The attacks we want to protect against are (1) being able to write to random locations in physical memory; (2) being able to reboot into random kernels using kexec; (3) being able to flash anything we like; (4) all of the above. Probably (4).
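For readers who want to see what "cat | dd seek=N bs=1, but in bigger blocks" looks like as a C program, here is an added example. It is not the author's writemem.c (the post does not show it); the command-line interface OUTFILE SEEK BS is an assumption of this example, and its self-test copies a constructed payload into a temporary regular file rather than anything under /dev.

```c
/* Added example (not the author's writemem.c): a "writemem"-style block
 * copier. Copies stdin to an existing output file starting at byte offset
 * SEEK in BS-byte blocks: the moral equivalent of `cat | dd seek=N of=OUT
 * bs=1` without one syscall per byte. The OUTFILE SEEK BS interface is an
 * assumption; the self-test uses a temporary regular file, never /dev/mem. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Write all n bytes of buf at offset off, retrying on short writes and
 * EINTR. Returns 0 on success, -1 on error with errno set. */
static int write_all_at(int fd, const char *buf, size_t n, off_t off)
{
    while (n > 0) {
        ssize_t w = pwrite(fd, buf, n, off);
        if (w < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        buf += w;
        n -= (size_t)w;
        off += w;
    }
    return 0;
}

/* Copy everything readable from in_fd to out_fd starting at byte offset
 * seek, in blocks of bs bytes. Returns bytes written, or -1 on error. */
long copy_at_offset(int in_fd, int out_fd, off_t seek, size_t bs)
{
    char *buf = bs ? malloc(bs) : NULL;
    long total = 0;
    ssize_t r;
    if (!buf)
        return -1;
    while ((r = read(in_fd, buf, bs)) != 0) {
        if (r < 0 && errno == EINTR)
            continue;
        if (r < 0 || write_all_at(out_fd, buf, (size_t)r, seek + total) < 0) {
            free(buf);
            return -1;
        }
        total += r;
    }
    free(buf);
    return total;
}

/* Self-test on temporary regular files: a constructed 30-byte payload is
 * written at offset 4096 with a 7-byte block size (deliberately not a
 * divisor of the length) and read back. Returns 1 on success, 0 otherwise. */
int writemem_selftest(void)
{
    const char payload[] = "constructed-kernel-image-bytes";
    const size_t len = sizeof payload - 1;
    const off_t seek = 4096;
    char in_tmpl[] = "/tmp/wm-in-XXXXXX", out_tmpl[] = "/tmp/wm-out-XXXXXX";
    char back[sizeof payload];
    int ok = 0;
    int in_fd = mkstemp(in_tmpl);
    int out_fd = mkstemp(out_tmpl);

    if (in_fd < 0 || out_fd < 0)
        goto out;
    if (write(in_fd, payload, len) != (ssize_t)len || lseek(in_fd, 0, SEEK_SET) != 0)
        goto out;
    if (copy_at_offset(in_fd, out_fd, seek, 7) != (long)len)
        goto out;
    /* The byte just before the offset must be untouched (a hole reads as 0). */
    if (pread(out_fd, back, 1, seek - 1) != 1 || back[0] != 0)
        goto out;
    if (pread(out_fd, back, len, seek) != (ssize_t)len)
        goto out;
    back[len] = '\0';
    ok = strcmp(back, payload) == 0;
out:
    if (in_fd >= 0) { close(in_fd); unlink(in_tmpl); }
    if (out_fd >= 0) { close(out_fd); unlink(out_tmpl); }
    return ok;
}

/* writemem OUTFILE SEEK BS < image   (SEEK and BS in bytes, 0x prefix accepted) */
int main(int argc, char **argv)
{
    if (argc != 4) {
        fprintf(stderr, "usage: %s OUTFILE SEEK BS < input\n", argv[0]);
        return 2;
    }
    int out_fd = open(argv[1], O_WRONLY);
    long n = out_fd < 0 ? -1 : copy_at_offset(STDIN_FILENO, out_fd,
                 (off_t)strtoll(argv[2], NULL, 0), (size_t)strtoul(argv[3], NULL, 0));
    if (n < 0) {
        perror("writemem");
        return 1;
    }
    fprintf(stderr, "wrote %ld bytes at offset %s\n", n, argv[2]);
    return 0;
}
```

The posture check that matters for items (1) and (2) above is on the kernel side rather than in this tool: a kernel built with CONFIG_STRICT_DEVMEM refuses /dev/mem writes that target RAM, and the lockdown LSM in integrity mode blocks /dev/mem writes and unsigned kexec_load entirely, so on a hardened image a program like this simply fails with EPERM. Whether an embedded build has either enabled is worth checking before deciding how much of a liability the binary is.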
There will be one user-visible change when this stuff lands: whereas previously we produced separate files for kernel and rootfs when doing a "development" build, now we make a single agglomerated firmware image and rely on the kernel mtdsplit code to find the root filesystem. This is because step 1 of the headless upgrade procedure is to reboot into the current kernel with an additional memmap parameter, so in the case that the current kernel is running from RAM we need the original uImage to still be accessible and not to have been overwritten since boot. It also makes the build a bit more consistent between dev and production, which is a nice side effect.
First things first, though: need to get it into a state where I can actually commit something. Last night I dreamt I was in a bacon-eating competition where the goal was to consume as much as possible during a MongoDB cluster election before a new primary was chosen, but I woke up before the contest finished. I mention this just to give you an idea of where my brain is right now, but it is probably not a very good idea.