World-writable configuration files in /etc/config (again)

On Jun 10th I raised the issue of world-writable configuration files in /etc/config in another topic:

I was told by Martynas back then that a fix for this was planned to be included in the 07.17 release, but some files remain world-writable. Among them are such critical things as the firewall and the updater:

BusyBox v1.34.1 (2025-09-04 11:51:25 UTC) built-in shell (ash)

     ____        _    ___  ____
    |  _ \ _   _| |_ / _ \/ ___|
    | |_) | | | | __| | | \___ \
    |  _ <| |_| | |_| |_| |___) |
    |_| \_\\__,_|\__|\___/|____/
-------------------------------------
     Teltonika RUT2M series 2025
-------------------------------------
   Device:     RUT241
   Kernel:     5.15.186
   Firmware:   RUT2M_R_00.07.17.3
   Build:      9c582dac894
   Build date: 2025-09-04 12:29:44
-------------------------------------
root@RUT241:~# ls -l /etc/config/
-rw-rw----    1 buttons  buttons        299 Aug 29 07:54 buttons
-rw-rw----    1 mobutils mobutils        63 Aug 29 07:54 call_utils
-rw-rw----    1 certific certific       743 Sep  8 14:57 certificates
-rw-rw----    1 shellina shellina       129 Aug 29 07:54 cli
-rw-rw-rw-    1 ds       ds              48 Aug 29 07:54 data_sender
-rw-rw-rw-    1 dfota    dfota           43 Aug 29 07:54 dfota
-rw-rw----    1 dnsmasq  dnsmasq        642 Aug 29 07:54 dhcp
-rw-rw----    1 dropbear dropbear       212 Aug 29 07:54 dropbear
-rw-rw----    1 juggler  juggler         49 Aug 29 07:54 event_juggler
-rw-rw-rw-    1 root     root          3925 Sep  8 14:58 firewall
-rw-rw-rw-    1 ioman    ioman          194 Sep  8 14:57 ioman
-rw-rw----    1 ip_block ip_block       134 Aug 29 07:54 ip_blockd
-rw-rw----    1 ipsec    ipsec           82 Aug 29 07:54 ipsec
-rw-rw----    1 mdcollec mdcollec       155 Aug 29 07:54 mdcollectd
-rw-rw----    1 multiple multiple        71 Aug 29 07:54 multi_wifi
-rw-rw----    1 mwan3    mwan3         1353 Aug 29 07:54 mwan3
-rw-rw----    1 network  network       1431 Aug 29 07:54 network
-rw-rw----    1 ntpclien ntpclien       399 Aug 29 07:54 ntpclient
-rw-rw-rw-    1 ntp      ntp             51 Aug 29 07:54 ntpserver
-rw-r--r--    1 root     root            46 Aug 29 07:54 openssl
-rw-rw----    1 openvpn  openvpn          0 Aug 29 07:54 openvpn
-rw-rw----    1 gsm      gsm            308 Aug 29 07:54 operctl
-rw-rw----    1 overview overview         0 Aug 29 07:54 overview
-rw-rw----    1 opkg     opkg            61 Aug 29 07:54 package_restore
-rw-rw----    1 password password       159 Aug 29 07:54 password_policy
-rw-rw----    1 preboot  preboot         40 Aug 29 07:54 periodic_reboot
-rw-rw----    1 preboot  preboot        228 Aug 29 07:54 ping_reboot
-rw-rw----    1 pptpd    pptpd            0 Aug 29 07:54 pptpd
-rw-rw----    1 profiler profiler       216 Sep  8 14:57 profiles
-rw-rw----    1 quota_li quota_li        30 Aug 29 07:54 quota_limit
-rw-rw-rw-    1 rms      rms            940 Sep  8 15:06 rms_mqtt
-rw-rw----    1 rpcd     rpcd          2051 Aug 29 07:54 rpcd
-rw-rw----    1 rut_fota rut_fota       144 Aug 29 07:54 rut_fota
-rw-rw----    1 sim_swit sim_swit        54 Aug 29 07:54 sim_switch
-rw-rw----    1 simcard  simcard        213 Aug 29 07:54 simcard
-rw-rw----    1 mobutils mobutils       504 Sep  8 14:58 sms_gateway
-rw-rw----    1 mobutils mobutils      6213 Sep  8 14:57 sms_utils
-rw-rw-r--    1 root     system         798 Sep  8 15:05 system
-rw-rw-r--    1 uhttpd   uhttpd        1377 Aug 29 07:54 uhttpd
-rw-rw----    1 recipien recipien         0 Aug 29 07:54 user_groups
-rw-rw----    1 uhttpd   uhttpd         265 Aug 29 07:54 vuci
-rw-rw----    1 widget   widget           0 Aug 29 07:54 widget
-rw-rw----    1 network  network        456 Aug 29 07:54 wireless
-rw-rw----    1 xl2tpd   xl2tpd           0 Aug 29 07:54 xl2tpd
root@RUT241:~#

Are there concrete plans to fix these issues in the near future? This type of security issue should not be present in any product, much less one aimed at professional enterprise usage.

Hello,

Thank you for your inquiry. Your request is currently under review and analysis. Once the evaluation is complete, I will get back to you with an update and further information regarding dropping root access firewall, updater, and system configs.

Thank you for your patience in the meantime.

Best regards,

Update:

The changes for firewall and other configuration files with dropped root-level permissions were already included in our RnD milestone and will be addressed in the upcoming RutOS 7.18 release.

Best regards,

I notice that your reply is overly specific and only mentions firewall. There should be no need for world-writable system configuration files AT ALL. If you fix the firewall configuration, then the modem updater, the NTP server, RMS can still be hijacked by any runaway process.

If you fix the firewall configuration, then the modem updater, the NTP server, RMS can still be hijacked by any runaway process.

Permissions removal for these configurations will also be included in the 7.18 release.

I just checked with a RUT241 and firmware RUT2M_R_00.07.18.3, straight after a factory reset. Indeed there are no more world-writable configuration files below /etc/config/, but I just noticed that the WHOLE DIRECTORY is world-writable:

root@RUT241:~# ls -ld /etc/config
drwxrwxrwx    1 100      users            0 Nov  6 15:12 /etc/config

There is no point in dropping the permissions from the files if the directory remains writable, as then the files can just be replaced instead of changed in place!

I also noticed that /etc/backup_packages/ is world-writable, which cannot be right:

root@RUT241:~# ls -ld /etc/backup_packages/
drwxrwxrwx    2 opkg     opkg             0 Oct 28 07:00 /etc/backup_packages/

For clarification: /etc/config/ was already writable in firmware version RUT2M_R_00.07.17.5.
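
The observation above, that tightened file modes do not help while the directory itself stays world-writable, can be checked mechanically. This is an added example, not part of the original thread and not Teltonika's code; the function names and the sample tree are constructed, and it assumes a `find` that supports `-perm` and `-maxdepth`.

```shell
#!/bin/sh
# Added example: audit a config directory for entries any local user can alter.
# Assumes find supports -perm and -maxdepth (GNU findutils or a full BusyBox).

# List regular files under $1 that any local user can write in place.
world_writable_files() {
    find "$1" -type f -perm -0002 2>/dev/null
}

# True if $1 is a world-writable directory without the sticky bit: any user
# can then unlink or rename entries, so a file's own mode no longer protects it.
dir_allows_replacement() {
    [ -n "$(find "$1" -maxdepth 0 -type d -perm -0002 ! -perm -1000 2>/dev/null)" ]
}

# Print one finding per line; return 1 if anything was found, else 0.
audit_config_dir() {
    out=$(
        dir_allows_replacement "$1" && echo "REPLACEABLE $1"
        world_writable_files "$1" | sed 's/^/WRITABLE /'
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample tree: one case per failure mode discussed, plus a clean one.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/file_ww" "$d/dir_ww" "$d/clean"
    : > "$d/file_ww/firewall"; chmod 666 "$d/file_ww/firewall"  # writable file
    : > "$d/dir_ww/firewall";  chmod 660 "$d/dir_ww/firewall"   # file tightened...
    : > "$d/clean/firewall";   chmod 660 "$d/clean/firewall"
    chmod 755 "$d/file_ww" "$d/clean"
    chmod 777 "$d/dir_ww"                                       # ...directory is not
    echo "$d"
}

sample=$(make_sample)
for state in file_ww dir_ww clean; do
    audit_config_dir "$sample/$state" || echo "-> $state: findings"
done
rm -rf "$sample"
```

On a device, `audit_config_dir /etc/config` gives the same report for the real directory; a non-zero exit status means at least one finding.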
