Full Disclosure mailing list archives
Re: debugfs exploit for a number of Android devices
From: Alexander Pruss <arpruss () gmail com>
Date: Wed, 15 Aug 2012 08:41:26 -0500
On Wed, Aug 15, 2012 at 8:10 AM, Dan Rosenberg <dan.j.rosenberg () gmail com> wrote:
> This also can't be used by malicious apps, since you need user/group "shell" to replace /data/local/tmp with a symbolic link, and normal applications cannot be granted this user/group.

You're right: my apologies. I didn't really look at how this exploit works. And you're certainly right that making /data writeable is a better way to exploit it.

I just confirmed that on my 2.3.6 Epic 4G Touch there is no issue: a directory symlinked to /data/local/tmp does NOT get its permissions changed on boot.

I am not sure I would say that it's erroneous to make /data/local writeable by adb shell. It may be handy for a developer with an unrooted device to put various commandline utilities in /data/local, such as a better busybox.

Alex

--
Alexander R. Pruss
arpruss () gmail com