View Single Post
Old 11-09-2012, 05:01 PM   #54
twobob
( ͡° ͜ʖ ͡°){ʇlnɐɟ ƃǝs}Týr
twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.
 
twobob's Avatar
 
Posts: 6,552
Karma: 6015922
Join Date: Jun 2012
Location: uti gratia usura (Yao ying da ying; Mo ying da yieng)
Device: PW-WIFI|K5-3G+WIFI| K4|K3-3G|DXG|K2| Rooted Nook Touch
Installer "Access SafetyNet"

Question: The installer is script.?

EDIT: No initramfs. forget that idea

Spoiler:
What's to prevent creating Ixtabs bundle as a built-in addon.

The first time it runs it installs the recovery stuff (provide known configuration) and also:

Insert a few lines extra in the end of the updater. (so it runs everytime - whatever)

At the END of the OTA script (before it reboots) it does a few sanity tests:
checks for relevant iptables entries, do we have the bins and upstart still in place?

If not - trigger a post-install refix. thinking about it just do an quick (sanity) clean-up and ram the "recovery" .bin back through the installer.

Assumption: the installer script "hacking enhancement mechanism" could be clever enough to check the lines are still in the installer script and add them if not. (conditional patch?)
(also check they are not pre-pended by a # perhaps )

generally: be ready to restore it to last known good configuration if mangled with.

Worst that can happen is that it will fail to provide access if it failed. which is no worse than is the situation now. (and maybe some redundant unlinked bins, a borked OTA script and no entry in upstart, I don't see how the very simple upstart addition could go wrong but I am open to correction)

The overhead would be tiny. the result would be bulletproof? no?

I suppose the point is that would future proof all future updates against access tampering

That's my thought anyway. HTH

Last edited by twobob; 11-09-2012 at 09:49 PM. Reason: clearer I hope
twobob is offline   Reply With Quote