NSS4000 / NSS6000 Update
Linksys has transferred maintenance of the NSS products (and others) to Cisco. As part of this, Cisco released a new version of the firmware for the NSS4000 / NSS6000, version 1.14-20.
One of the things Cisco claims for this release is “improved security”. Apparently, as part of this some of the tricks on my previous page don’t work any more. So here are some updates:
1) dropbear – /linuxrwfs/etc/init.d/S02hwdep is now a link to /etcrc/init.d/_hwdep, which is on a read-only filesystem and can’t be edited. Fortunately, /linuxrwfs is still read-write, so just do: cd /linuxrwfs/etc/init.d; mv S02hwdep S02hwdep_old; cp -p /etcrc/init.d/_hwdep ./S02hwdep and then edit the file as described in my previous post.
2) su – /usr/sbin/busybox will complain “su: This applet requires root priviledges!” if you try to issue the su command. To get around this, do: cp -p /bin/busybox /etc/busybox; chmod 4555 /etc/busybox. Then use /etc/busybox su to su. Don’t forget that users need to be listed in the wheel entry in /etc/group as well.
3) passwd – when I tried to add a new user, while I could edit the passwd file, when I tried to change the password for that user, the user wouldn’t show up in the shadow password file. The solution was to copy one of the other lines in the shadow file, change the username, and re-issue the passwd command.
November 27th, 2009 03:47
A comment to 1) dropbear
I think, Linux start services in alphabetical order of file names -> the service “S02hwdep_old” close the dropbear. It is better you remove the original “S02hwdep” (it is only a symbol link) or rename to e.g. “S02hwde” – the system start first S02hwde and second the S02hwdep service and the dropbear still open.