auto login / remote logins / multi user
Stefan Sperling
stsp at stsp.in-berlin.de
Sun Aug 13 23:14:40 CEST 2006
On Sun, Aug 13, 2006 at 08:51:18PM +0200, Tobias Gruetzmacher wrote:
> > This would make multi-user support available instantly.
> > Going multi-user would of course defeat auto login from
> > /etc/inittab again.
>
> I'm not very familiar with the exact concept of the hardware, but I
> thought since the DS has no MMU there is no memory protection and
> therefore every user can always access the whole memory so a "root
> exploit" would be trivial? Correct me if I'm wrong, but wouldn't that
> defeat the purpose of a multi-user-system?
Not exactly defeat it. If people want to share their DS and
dslinux installation it would be nice for them to have different
users.
But you have a point. People who want to get at your /etc/passwd
are probably smart enough to write a local root exploit for
DSLinux as well. If you don't count script kiddies.
However, currently, they don't even *have* to get at your
/etc/passwd to get your root password. They just have to surf
the wiki or Kineox' site.
> In case I'm wrong above, there is another solution: Put an overlay over
> the FAT filesystem which emulates UNIX permissions. Since UMSDOS is
> quite dead, using FUSE would probably be an option, but someone would
> have to write the fuse-permission-emulator...
/me thinks "memory"
--
stefan
http://stsp.in-berlin.de PGP Key: 0xF59D25F0
More information about the dslinux-devel
mailing list