On Aug 15, 2011, at 7:27 PM, Earlence wrote:

> Rodrigo: true. But this will be helpful in curbing malware. Even after
> the device has been rooted, setuid HAS to be called to elevate.
> Therefore, this should prevent that.

No, this is not true. For example, if you exploit a bug in the kernel, your 
payload executes in the kernel with kernel privileges. (And it is utterly Game 
Over — no mitigation can help.)

> Nathaniel: Race condition is true. However, the check is performed in
> setuid, that means, the system server is invoked before the escalation
> is complete, and hence, before the malware process becomes root.

This does not make sense.


Generally, don't expect to survive after an attacker has elevated to 
root/kernel. Instead, work on finding and fixing bugs.

-- 
You received this message because you are subscribed to the Google Groups 
"Android Security Discussions" group.