Results 1 to 4 of 4
Like Tree2Likes
  • 2 Post By Nick_H

WARNING: Reliance dongle install BREAKS Linux Security

  1. #1
    Silver Member
    Join Date
    Jan 2009
    Posts
    391

    Exclamation WARNING: Reliance dongle install BREAKS Linux Security

    In short, and you don't have to know any linux/Unix to understand this:

    Installing this Netconnect software on your otherwise secure Linux machine makes it very insecure.

    In long,

    After installing the Reliance software to support and use EC159 dongle I noticed that my Ubuntu 11.04 system was not asking me for a password when using sudo.

    I checked the Reliance install scripts...
    Code:
    # Shashank: Defect fix AJ2D13470: Begin
    554     echo -e "ALL ALL=(ALL) NOPASSWD:ALL" >> /tmp/${TEMPFILE}
    That line, "ALL ALL=(ALL) NOPASSWD:ALL" ends up at the end of the file /etc/sudoers.

    Well, thank you, Mr Shashank, whoever you are: you should be sacked immediately and have do not employ this man branded on your forehead. I don't suppose you can spell out "s e c u r i t y," but I'd make you say it a thousand times a day for eternity. You are, in short, an idiot, and a dangerous one at that. No: that would not be punishment enough, I'd make you work with Windows 95 for the rest of your life.

    The line grants permission to any user to assume root id and privileges without entering a password.

    To Mr Shashank, it was the obvious hack to allow the Netconnect software to reconfigure the system's networking. Having removed it, Netconnect software does not work. No doubt there is a better way. I'm only using this thing when my Airtel network fails, so I haven't looked for it yet.

    I'm also using this dongle on Ubuntu 12.04, via Ubuntu's own network manager. It's not as reliable as Reliance's own connect software, but, so far as I can see, there are no big issues.
    itssri and Admin like this.

  2. #2
    Silver Member
    Join Date
    Jan 2009
    Posts
    391

    Default

    Having removed it, Netconnect software does not work.
    Yes it does work! Airtel has collapsed yet again and I'm using it right now. Which makes it even more of a stupid thing to have done.

  3. #3
    Junior Member itssri's Avatar
    Join Date
    Oct 2008
    Posts
    16

    Default

    I too had this issue (open sudo) recently and traced it to the same line "ALL ALL=(ALL) NOPASSWD:ALL" and commented it. However I was perplexed as to how it came about. Now, I realize it could have been done by the Airtel 4G-LTE install that I did. I now checked the Linux install files of Airtel 4G-LTE and indeed this same Shashank is the culprit on this too. So Airtel dongle also has the same issue! This chap seems to be with Huawei, not Reliance or Airtel.
    Please read signature rules.

  4. #4
    Admin's Avatar
    Join Date
    Jan 2006
    Posts
    8,500

    Default

    I use these dongles only with a wifi router so its all automatic away from my machine and what goes on at the router level stays there and I connect using wifi I am not a security expert but my understanding is that this setup keeps my PC safe regardless of what OS I use. Please correct me if I am wrong.

Similar Threads

  1. Replies: 20
    Last Post: 4th July 2013, 02:42 AM
  2. MMX310C EVDO dongle -- Linux support
    By puchu in forum Bsnl EVDO
    Replies: 3
    Last Post: 1st July 2013, 02:29 PM
  3. Replies: 0
    Last Post: 10th August 2012, 05:36 PM
  4. How do I install Linux?
    By doll in forum Operating Systems
    Replies: 7
    Last Post: 4th September 2011, 11:48 AM
  5. Opera Browser security warning:
    By essbebe in forum Windows
    Replies: 11
    Last Post: 17th March 2010, 08:14 PM