/data only contains - on this running dream, with mostly standard firmware - a few directories, none of which are directly application related and all of which appear to be standard: drwxrwx--x shell shell 2009-05-28 19:49 local drwxrwx--x system system 2009-05-28 19:49 data drwx------ root root 2009-05-28 19:49 property drwxrwx--x system system 2009-05-28 19:49 app-private drwxrwxr-x system system 2009-05-28 19:49 system drwxr-xr-x system system 2009-05-30 20:41 tombstones drwxrwx--x system system 2009-05-28 19:49 dalvik-cache drwxrwx--- root root 2009-05-28 19:49 lost+found drwxrwx--x system system 2009-05-28 19:49 app drwxrwxrwx system system 2009-05-28 19:49 anr drwxrwx--- root root 2009-05-28 19:49 lost+found drwxrwx--t system misc 2009-05-28 19:49 misc drwxrwx--- root root 2009-05-28 19:49 lost+found
Most of those are world-readable anyway.. (and joy, that lost+found bug still lives. Fun.) Even if we assume /data/data, then if that were true guessing the application name would have the same vulnerability. Reading /data/data is an information leak (what apps are installed, and/or might have data saved) but it is not an application-data leak. As an aside, there are some definite leaks in that list - anr/traces.txt for example. And why are all the application data directories world-readable? That sounds like a much bigger potential problem than being able to see that /data has a standard layout. On Mon, Jul 20, 2009 at 2:25 AM, Romain Guy<[email protected]> wrote: > > That would (potentially) allow any application to read and write the > data of other applications. So yes, there's a threat. > > On Sun, Jul 19, 2009 at 11:23 PM, tstanly<[email protected]> wrote: >> >> hi, >> >> i change the mode for /data, >> chmod 777 /data >> it's work! >> >> >> but is there have threat for changoing directory mode?? >> >> >> thanks! >> >> >> >> On 7月20日, 下午2時04分, tstanly <[email protected]> wrote: >>> hi all, >>> >>> use file class, >>> file("/data").listfiles(); >>> there is notiong can show, >>> >>> but use >>> file("/").listfiles(); >>> it works! >>> >>> so is there some limit for directory under /data ?? >>> >>> thanks! >> > >> > > > > -- > Romain Guy > Android framework engineer > [email protected] > > Note: please don't send private questions to me, as I don't have time > to provide private support. All such questions should be posted on > public forums, where I and others can see and answer them > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~----------~----~----~----~------~----~------~--~---
