PDA

View Full Version : iLiad How to get 2.7.1 without closing holes

Mike Kostousov
10-25-2006, 07:29 AM
Hello!

For them, who are really interesed in new patch but still want to have some place to play :) I tried to download update without updating. I just canceled update in the right time. I have no time to discover what they have realy done in this patch, but if some body wants - see attachment.
design256
10-25-2006, 07:44 AM
Hello!

For them, how are really interesed in new patch but still want to have some place to play :) I tried to download update without updating. I just canceled update it in right time. I have no time for discover what they realy done in this patch, but if some body wants - see attachment.

Thanks Mike. You've saved me lots of worry. Loads of ways to leave a backdoor in place now we know what's in it. Major changes look like:

Xfbdev in start.sh now run with -nolisten tcp :wink:


main updated files:

browser
connectionMgr
contentLister
downloadMgr
ipdf (replaces xpdf in er_registry - I wonder why...)
mb-applet-icon-container
Mike Kostousov
10-25-2006, 07:56 AM
ipdf (replaces xpdf in er_registry - I wonder why...)

I see libpoppler in /usr/lib. It is pdf rendering library, it is based on xpdf. poppler team works together with kpdf project, so this library are in develop. ipdf can be quicker..
TadW
10-25-2006, 08:35 AM
Excellent Mike.

Is the patch everything that is being executed during the update? I don't see any attempt to remote root access again (e.g. by changing passwords, uninstalling dropbear, etc.)...
Mike Kostousov
10-25-2006, 09:08 AM
It seems that it is everything. But I am not sure, because after this update iLiad can connect to iDS one more time. See ./usr/bin/post_download.sh in patch. It has lines:
# write flag to reconnect to iDS after reboot
sysset -w -a 153 -l 1 -v 1
Alexander Turcic
10-25-2006, 09:10 AM
From the announcement:

# After connecting to the server you will get a message: Downloading Software Patch v2.7.1 and the progress of the download.
# When the download is complete wait until the screen of the iLiad turns white.
# After this the iLiad will automatically restart itself.
# When the iLiad has restarted, it will reconnect to the iDS to check for any further downloads.
# When there are no additional downloads you will return to the Download history screen, and the installation is complete.
scotty1024
10-25-2006, 11:42 AM
As much as I liked Design256's pre-exploit work around, :), I'd rather encourage iRex to post the patches.

I'm quite capable of applying them manually. :D
CommanderROR
10-25-2006, 01:17 PM
Should I move this to the development subforum? I think so...any objections?