0
Jimmy Raymond Belanger

Protect OrangePi from gpio file injection

Recommended Posts

hi martinayotte, 

 

I remember you in the past, this is my new account but we have work 4 year on this forum in stratup of armbian. So in clear trust me when I insert the orange pi zero on a specify pcb , the pcb have arm chip on it.

 

I just start the linux and everything is working well but the second we do apt-get update, the "dpkg configure "  is broken. When I go the dpkg configure -a for fix the issue, who 6 new library forced to be installed

Share this post


Link to post
Share on other sites
3 minutes ago, Jimmy Raymond Belanger said:

orange pi zero - usb 4 pin gpio - exploit buffer overlow inject file by usb gpio voila

Then you talk about an USB issue, not a GPIO issue.. (a pin on a board doesn't mean it's a gpio - general purpose input/output). If you don't want that something on the USB pins on pinheader happens, I think (didn't test) it should be sufficient to just disable the device tree overlay which activate those USBs (as a 'hot fix'), and then probably report it to the sunxi mailing list in case it turns out to be a kernel-issue. 

Share this post


Link to post
Share on other sites

seriouly.... the orange pi zero have 4 GPIO PIN = USB.... usb or gpio same think for me it 4 pin...

 

my research is private, no information about security is provided.

 

it just look like the driver send by the controler board have malisious software....

 

I give you feedback after disable usb gpio port

 

 

 

 

Orange-Pi-Zero-Pinout-banner2-700x700.jpg

Share this post


Link to post
Share on other sites
6 minutes ago, Jimmy Raymond Belanger said:

it just look like the driver send by the controler board have malisious software...

You should detailed what is that famous board and how it is connected to OPi headers.

If you have it connected only on dual-header, there is no USB there, so no injection possible on those pins ...

Share this post


Link to post
Share on other sites
14 minutes ago, Jimmy Raymond Belanger said:

seriouly.... the orange pi zero have 4 GPIO PIN = USB.... usb or gpio same think for me it 4 pin...

And that's where your thinking goes wrong and why @martinayotte immediately thought you must be wrong. Pin != GPIO, otherwise you could argue that the 5V Pin on the pinheader must also be a GPIO. Nevertheless, it might be interesting which 'HAT' you stick to your OPi-Zero (even when it's not a GPIO issue it might be an USB issue, or an issue where this "HAT" doesn't do sane things) and for:

1 hour ago, Jimmy Raymond Belanger said:

sometime the pcb inject file inside the linux and create dpkg error.

 

it might be interesting to see some logs so that others can have a look whats going on here.. e.g. an 'armbianmonitor -u' could be a good starter?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
0