Enabling autostart.sh, and closing Samba security hole

I’m using Lakka nightly (21205) on an old Dell e1505 laptop (64-bit 2-core Intel T7400 cpu, 2GB ram, ATI X1400 gpu).

Lakka automatically mounts other partitions it finds on the HDD of the system on which it is running. While this is useful for loading roms when Lakka is running from a USB stick, it leaves all those HD partitions available and accessible without authentication through Samba under the Roms folder.

I’m running my Lakka system only on my own home network, and there is nothing of consequence stored on the other HD partitions, but that might not be true for all users.

Imagine playing games from USB Lakka on your work/school laptop while at a coffee shop. A nefarious fellow patron can now access all of your HD content as a simple Windows share.

It doesn’t seem wise to have a potential security hole like that.

Upon booting the Lakka system, I’d like to automatically unmount other partitions it finds. I thought using “autostart.sh” would be ideal for that.

According to the OpenELEC wiki, /storage/.config/autostart.sh should run when the system is started.

However, systemctl said “retroarch-autostart” was disabled (emphasis mine)

lakka:~ # systemctl status retroarch-autostart.service
● retroarch-autostart.service - RetroArch user autostart script
   Loaded: loaded (/usr/lib/systemd/system/retroarch-autostart.service; [I][B]disabled[/B][/I]; vendor preset: enabled)
   Active: active (exited) since Wed 2015-12-02 10:45:42 PST; 3min 44s ago
 Main PID: 400 (code=exited, status=2)
   CGroup: /system.slice/retroarch-autostart.service

It being disabled might be an artifact of installing from a nightly release. So, I enabled it…

lakka:~ # systemctl enable retroarch-autostart.service
Created symlink from /storage/.config/system.d/retroarch.service.wants/retroarch-autostart.service to /usr/lib/systemd/system/retroarch-autostart.service.

lakka:~ # systemctl status retroarch-autostart.service
● retroarch-autostart.service - RetroArch user autostart script
   Loaded: loaded (/usr/lib/systemd/system/retroarch-autostart.service; [I][B]enabled[/B][/I]; vendor preset: enabled)
   Active: active (exited) since Wed 2015-12-02 10:45:42 PST; 8min ago
 Main PID: 400 (code=exited, status=2)
   CGroup: /system.slice/retroarch-autostart.service 

After rebooting, “autostart.sh” now runs. But I can’t use it to umount, probably because other partitions are not mounted yet (emphasis mine)…

lakka:~ # systemctl status retroarch-autostart.service
● retroarch-autostart.service - RetroArch user autostart script
   Loaded: loaded (/usr/lib/systemd/system/retroarch-autostart.service; enabled; vendor preset: enabled)
   Active: active (exited) since Wed 2015-12-02 11:31:05 PST; 1min 57s ago
  Process: 370 ExecStart=/bin/sh -c . /etc/profile; exec /bin/sh /storage/.config/autostart.sh (code=exited, status=0/SUCCESS)
 Main PID: 370 (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/retroarch-autostart.service


Dec 02 11:31:05 lakka systemd[1]: Starting RetroArch user autostart script...
Dec 02 11:31:05 lakka systemd[1]: Started RetroArch user autostart script.
[I][B]Dec 02 11:31:05 lakka sh[370]: umount: can't umount /dev/sda2: Invalid argument[/B][/I]

Does anyone have advice on either

1. preventing Lakka from automatically mounting other HD partitions
2. unmounting other HD partitions after booting (but not via autostart.sh)

(As an aside, other tests indicate that /storage/ is still a read-only file system at the time in the boot process when “autostart.sh” is reached.)

Dec 02 11:08:38 lakka sh[329]: /storage/.config/autostart.sh: line 14: can't create testfile.txt: Read-only file system

There is a cmdline option, here https://github.com/libretro/Lakka/blob/lakka/packages/sysutils/udevil/system.d/[email protected]#L3

You can disable the udevil service this way.

You can also try to systemctl disable it. Please let me know if it works, I’d like to add a page on the wiki about everything security, like changing passwords, disabling services, etc.

Since “udev” and “udevil” would be easy typos, I have been careful to be accurate every time I mention one or the other.

Adding “udevil=0” to the kernel boot parameters effectively stops HD partitions from being mounted. Additionally, it stops anything from being shared with Samba (aka SMB, Windows file sharing).

It looks like it may be possible to create udev rules that prevent udevil from mounting specifically-named partitions. The details appear on the Raspberry Pi forums and refer to OpenELEC. I did not try this approach. Creating files in the appropriate place under /storage/.config/ or /storage/.cache/ is probably required.

My limited attempts to disable udevil using systemctl were unsuccessful.


lakka:~ # systemctl list-units *udevil*

UNIT                           LOAD   ACTIVE SUB    DESCRIPTION
[email protected] loaded active exited Udevil mount service
[email protected] loaded active exited Udevil mount service
[email protected] loaded active exited Udevil mount service
[email protected]  loaded active exited Udevil mount service
system-udevil\x2dmount.slice   loaded active active system-udevil\x2dmount.slice

It looks like there is one udevil-mount@-dev-*.service per partition and physical device. (My /dev/sda has four partitions - sda3 is linux swap and isn’t listed here. /dev/sr0 is the cdrom.)

Calling systemctl disable appears to happen successfully but does not survive reboot.

There are very few files relating to udevil on a default Lakka install

lakka:~ # find / -name udevil*

/etc/udevil
/etc/udevil/udevil.conf
/sys/fs/cgroup/systemd/system.slice/system-udevil\x2dmount.slice/[email protected]
/sys/fs/cgroup/systemd/system.slice/system-udevil\x2dmount.slice/[email protected]
/sys/fs/cgroup/systemd/system.slice/system-udevil\x2dmount.slice/[email protected]
/usr/bin/udevil
/usr/lib/systemd/system/[email protected]

I’m sure there are things in “udevil.conf” that could be overridden by creating/editing the appropriate file under /storage/.config/.

For grins, though there is a service file listed, trying to disable it was unsuccessful

lakka:~ # systemctl status [email protected]
Failed to get properties: Unit name [email protected] is not valid.

So, I added “udevil=0” to the kernel boot parameters (without quotes) and stopped investigating alternatives.
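A way to confirm after a reboot that the “udevil=0” setting described in the post above took effect, as an added example that is not part of the original posts or of Lakka itself. The function names are hypothetical, and the keep list of Lakka's own mount points (/flash and /storage) is an assumption to adjust for your install.

```shell
#!/bin/sh
# Added example (not Lakka's own code): check that udevil=0 took effect.

# Exit 0 when the kernel command line contains the exact token udevil=0.
# $1 is a file in /proc/cmdline format (defaults to the live one).
udevil_disabled() {
    for tok in $(cat "${1:-/proc/cmdline}"); do
        [ "$tok" = "udevil=0" ] && return 0
    done
    return 1
}

# Print "device mountpoint fstype" for each mounted disk or optical device
# whose mount point is not in the keep list ($2...).
# $1 is a file in /proc/mounts format.
foreign_mounts() {
    mounts_file=$1; shift
    keep=" $* "
    while read -r dev mnt fstype rest; do
        case $dev in
            /dev/sd*|/dev/sr*|/dev/mmcblk*|/dev/nvme*) ;;
            *) continue ;;
        esac
        case $keep in *" $mnt "*) continue ;; esac
        printf '%s %s %s\n' "$dev" "$mnt" "$fstype"
    done < "$mounts_file"
}

# Report both checks; exit status is 0 only if the option is set and no
# partition outside the keep list is mounted.
audit() {
    cmdline_file=$1; mounts_file=$2; shift 2
    status=0
    if udevil_disabled "$cmdline_file"; then
        echo "OK: udevil=0 is on the kernel command line"
    else
        echo "WARN: udevil=0 is missing from the kernel command line"
        status=1
    fi
    found=$(foreign_mounts "$mounts_file" "$@")
    if [ -n "$found" ]; then
        echo "WARN: partitions still mounted:"
        echo "$found"
        status=1
    fi
    return $status
}

# On the device (the keep list is an assumption about Lakka's own mounts):
#   audit /proc/cmdline /proc/mounts /flash /storage
```

Any partition it still lists is one that could end up exposed through the unauthenticated Samba share, so the check is worth repeating after every change to the boot parameters.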

What we can do is change the conditions in the udevil service file. For example, if a file is present or not present on the filesystem, it will prevent or allow the launch of the service.

See how it’s done here https://github.com/libretro/Lakka/blob/lakka/packages/network/samba/system.d.opt/smbd.service#L7

Then, we can integrate the creation and destruction of this file in RetroArch Settings.