Query regd. rw rootfs

Jo-Philipp Wich jo at mein.io
Thu Jun 16 04:44:41 PDT 2022


> If the behavior is not same, can you let me know how "below" is 
> handled/taken care in OpenWRT? "changes made to sensitive files for e.g. 
> /etc/passwd (deleting a line. Deleting passwd file etc.) will have adverse 
> impact on security and some init scripts may not start etc."

OpenWrt does not have special handling for such situations. Users deleting
parts of vital system configuration files (or even entire files such as
libraries, init scripts etc.) will need to recover their system

What is the actual problem you are trying to solve? If a user possesses
enough permissions to modify /etc/passwd he might as well modify init scripts,
replace legitimate executables with malicious ones or simply replace the
running firmware altogether by reflashing another image.

I don't see the point in adding such "protections" aside from increasing code
complexity, bug and attack surface as well as required storage footprint.

~ Jo

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openwrt.org/pipermail/openwrt-devel/attachments/20220616/94805a3f/attachment.sig>

More information about the openwrt-devel mailing list