How can I make a read-only filesystem read/write?

Question

I recently hacked into my router which runs BusyBox v1.9.1. I want to edit some files in my web GUI interface which will allow me to get hidden options in it. I'm trying to edit a .js file and replace it via FileZilla (I also hacked FTP through setting the default router directory as ../..), and when I upload the file in the router, it says: 553 Error: Read-only file system. How could I fix that through SSH or FTP? (Telnet seems to be broken.)

Also, how can I set a default command to execute when I SSH into a server in PuTTY? In Linux it works for me when I do "ssh admin@192.168.1.1 /bin/sh", but when I try to do it on Windows through PuTTY it disconnects me directly after I log in.

EDIT: okay, here goes:

rootfs on / type rootfs (rw)
/dev/root on / type squashfs (ro)
none on /dev type tmpfs (rw)
/proc on /proc type proc (rw)
none on /var type tmpfs (rw)
none on /tmp type tmpfs (rw)
none on /mnt type tmpfs (rw)
usbfs on /proc/bus/usb type usbfs (rw)
/dev/nandflash on /upgflash type ext3 (rw,data=ordered)
none on /html/help type tmpfs (rw)
/dev/sda1 on /mnt/usb1_1 type vfat (rw,fmask=0000,dmask=0000,codepage=cp936,iocharset=cp936,shortname=winnt)

note:the last one is my 4GB flash memory, i need it connected always to the router because it helps me see the router's filesystem by doing a small exploit by adding ../.. to the usb1_1 directory that's created in upgflash file in my router's filesystem.

Might want to take a look at http://unix.stackexchange.com/q/19566/ — Dan Getz, Jul 20 '14 at 11:42
Can you add the output of the `mount` command? This will show any read/write filesystems or overlays on the router. — David, Jul 20 '14 at 17:51

score 6 · Accepted Answer · edited Apr 13 '17 at 12:37

See a similar question on Unix & Linux Stack Exchange for background. You aren't running into any kind of security restriction.

This is not related to the use of BusyBox, it's related to the filesystem used by the router. With filesystems for which a driver supports writing, mount -o remount,rw / would remount the filesystem read-write. You need shell access for that, you can't do it over FTP (but if you had root FTP access you could inject code by uploading it to some file that gets executed — search the writable partitions for executable files, crontabs, etc.). But your router runs SquashFS, which is designed specifically for read-only filesystems; SquashFS does not support writing, period. You can modify the content of the filesystem by generating a new image and flashing it.

Run cat /proc/filesystems to see what filesystem types are available. There might be a union filesystem that lets you override some files with a read-write view from the external flash or in tmpfs. Alternatively, you could mount --bind the SquashFS root to another location and mount a tmpfs filesystem on / containing mostly symbolic links to the relocated root. To make your changes persistent, you'd have to find something that's executed at boot time; look out for NVRAM values.

It appears that you're really a user trying to get your router to do more things, rather than an attacker trying to get the router to do things that the owner doesn't want. So forget this and install an alternate firmware.

but, can you tell me how can i exactly do the mount --bind thingy? i want to remount my router's fs into my usb flash drive, so that i could make it read write. also, which filesystem should i use and is suitable for the router i have? — H3lp3ingth3p33ps, Jul 21 '14 at 09:47
@H3lp3ingth3p33ps `mount --bind` doesn't “remount into [the] usb flash drove”, it creates an additional view of the SquashFS filesystem at another location. This is useful only if you're going to mount something else (such as (a part of) the flash drive) on `/` and want another path to access the SquashFS filesystem. Explaining this would be far too long for a comment. Ask on [unix.se], and be sure to [explain your objective precisely](http://meta.stackexchange.com/questions/66377/what-is-the-xy-problem). — Gilles 'SO- stop being evil', Jul 21 '14 at 11:32
already did create a question on serverfault, but thanks anyways for the comment :) — H3lp3ingth3p33ps, Jul 21 '14 at 11:49

score 1 · Answer 2 · edited Jul 20 '14 at 13:46

1

It might be that you're interacting with read-only memory, but an ordinary file system can be remounted to write.

When you're a root just do:

mount -o remount,rw /

And it should remount the filesystem to be writeable.

Anyway, if you want your router to do more, replace the firmware with a better one.

edited Jul 20 '14 at 13:46

Peter Mortensen

877
5
10

answered Jul 20 '14 at 13:02

naugtur

1,095
2
12
15

read this first:http://unix.stackexchange.com/questions/19566/how-to-make-read-only-filesystem-writable-on-busybox if i do this, i may corrupt my filesystem because squashfs is limited and i think it can't be remounted to read/write. – H3lp3ingth3p33ps Jul 20 '14 at 14:33
@H3lp3ingth3p33ps You won't corrupt your filesystem, because it simply won't work. Linux doesn't include any code to write to a squashfs filesystem. – Gilles 'SO- stop being evil' Jul 21 '14 at 00:15

How can I make a read-only filesystem read/write?

2 Answers2