PINE64   ›   PINE A64(+)   ›   Linux on Pine A64(+)   ›   Back Door found in Allwinner Kernels

Thread Closed 
Back Door found in Allwinner Kernels
BuildTheRobots
Pine Initiate
**
Joined: Apr 2016
Posts: 2

Reputation: 0
#1
Shocked  05-11-2016, 08:41 AM
Don't have my board available to test, but does anyone know if this issue effects the Pine64 linux (and potentially android) images?

Article: http://www.theregister.co.uk/2016/05/09/..._backdoor/

also comments on HackerNews: https://news.ycombinator.com/item?id=11672590


tldr: if `/proc/sunxi_debug/sunxi_debug` exists, try writing "rootmydevice" to it - the process that does gets root.
tkaiser
Pine Scholar
****
Joined: Dec 2015
Posts: 450

Reputation: 51
#2
05-11-2016, 08:52 AM (This post was last modified: 05-11-2016, 08:53 AM by tkaiser.)
If people would start to click on the links in articles they link to then this FUD would've already stopped. 'Original' article linked to: http://forum.armbian.com/index.php/topic...-h3a83th8/

Time between issue detected and confirmed that's a non issue for A64 BSP kernel by longsleep: 5 MINUTES http://irclog.whitequark.org/linux-sunxi...9#16314390 (look at the timestamps).

Time it took to start the usual Allwinner bashing using wrong claims all Allwinner devices would be affected: Over a week.

And BTW: It's not a backdoor, it's just a nice local privileges escalation  Tongue
Armbian for Pine64+ | Pine64 in linux-sunxi wiki
BuildTheRobots
Pine Initiate
**
Joined: Apr 2016
Posts: 2

Reputation: 0
#3
05-11-2016, 09:06 AM
(05-11-2016, 08:52 AM)tkaiser Wrote: If people would start to click on the links in articles they link to then this FUD would've already stopped. 'Original' article linked to: http://forum.armbian.com/index.php/topic...-h3a83th8/

Time between issue detected and confirmed that's a non issue for A64 BSP kernel by longsleep: 5 MINUTES http://irclog.whitequark.org/linux-sunxi...9#16314390 (look at the timestamps).

Time it took to start the usual Allwinner bashing using wrong claims all Allwinner devices would be affected: Over a week.

And BTW: It's not a backdoor, it's just a nice local privileges escalation  Tongue

Wasn't aware of the armbian site, though it's now bookmarked; thank you. Obviously wasn't aware of the irc logs though it's nice to be able to reference them; thank you agian.
Title was copy/pasted from the register article; deliberately not edited as I didn't want to be accused of prejudice.

tldr: nothing to see, no excitement, move along - which is probably the best outcome if slightly less exciting than I was hoping for Wink
nomadewolf
Pine Adept
***
Joined: Dec 2015
Posts: 56

Reputation: 7
#4
05-14-2016, 04:04 AM
This is very bad.
But it sheds some light on why Allwinner refuses to cooperate with open source...
Thread Closed 


Possibly Related Threads…
Thread Author Replies Views Last Post
  Found this fully working RASPBIAN Image that boots to desktop speedro86 21 31,529 10-07-2017, 10:06 PM
Last Post: speedro86
  Allwinner DE2.0 User Manual xalius 3 8,372 09-20-2016, 01:05 AM
Last Post: tllim
  Collaboration from Allwinner tllim 43 72,984 05-02-2016, 11:51 PM
Last Post: tkaiser
  Encoder for Allwinner H3 based SOCs (alpha state) taros 0 3,726 03-16-2016, 12:20 PM
Last Post: taros
  Allwinner Mali Information? KPhillisJr 2 7,057 01-14-2016, 03:05 AM
Last Post: taros

Forum Jump:


Users browsing this thread: 1 Guest(s)