Archive for March 15th, 2009

NSS4000 / NSS6000 Update

Linksys has transferred maintenance of the NSS products (and others) to Cisco. As part of this, Cisco released a new version of the firmware for the NSS4000 / NSS6000, version 1.14-20.

One of the things Cisco claims for this release is “improved security”. Apparently, as part of this some of the tricks on my previous page don’t work any more. So here are some updates:

1) dropbear – /linuxrwfs/etc/init.d/S02hwdep is now a link to /etcrc/init.d/_hwdep, which is on a read-only filesystem and can’t be edited. Fortunately, /linuxrwfs is still read-write, so just do: cd /linuxrwfs/etc/init.d; mv S02hwdep S02hwdep_old; cp -p /etcrc/init.d/_hwdep ./S02hwdep and then edit the file as described in my previous post.

2) su – /usr/sbin/busybox will complain “su: This applet requires root priviledges!” if you try to issue the su command. To get around this, do: cp -p /bin/busybox /etc/busybox; chmod 4555 /etc/busybox. Then use /etc/busybox su to su. Don’t forget that users need to be listed in the wheel entry in /etc/group as well.

3) passwd – when I tried to add a new user, while I could edit the passwd file, when I tried to change the password for that user, the user wouldn’t show up in the shadow password file. The solution was to copy one of the other lines in the shadow file, change the username, and re-issue the passwd command.