|
Comments relating to this unit refer to an early retail model;
modifications may have been made in later production systems or
subsequent "firmware" upgrades.
Linksys' own software is a lightly-warmed-over RedHat 5.2 install,
locked down for a single purpose, but basically stock. Removing the
drive and mounting it in another system makes examining their CGI
setup quite easy, and reveals that their "upgrade" interface offers
the perfect security hole for subverting the system.
The "upgrade" interface has the following expectations:
- The uploaded file must be a gzipped tarball.
- The tarball must contain a directory "rpm", in turn containing
an executable shellscript named "install.sh". This script is run
as root.
- The tarball must, when extracted in verbose mode, emit at least
one '0' character. (This actually looks like a bug.)
The quickest way to get FreeBSD up and running on this unit is to take
the drive out and install it in another system. The Davicom ethernet
device is not the most wonderful, but it's a good fit for this system
and well supported by the 'dc' driver. You should be OK with the
GENERIC kernel, but it can be trimmed down if space is an issue.
A more elaborate approach would be to build a toolkit which could be
dowloaded via the "update" interface, and which would subsequently
provide a mechanism for installing FreeBSD from a remote source. Some
work has progressed on this, but nothing is yet ready for general
consumption. If you're interested in participating,
send me some mail.
By building and loading the
gigadrive KLD you can add support for the
unit's front-panel LEDs and soft power-off capability. The
gigadrivecontrol program lets you tune the LEDs and monitor the
back-panel 'reset' switch, and the driver is compatible with the
'-p' flags to shutdown(8) and halt(8).
|