I imagine some folks on this list have seen this (or a similar story):
http://theandroidsite.com/2009/08/16/rooting-your-android-with-one-click/
I haven't investigated it in any depth, but my speculation is that the
exploitation of the referenced kernel privilege escalation vulnerability
(http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2692) results
from the ability to execute native code.
I understand the public pressure to allow native code, and that
Android's security model provides protection at the process level;
however, as an Android user, I would like the ability to disallow third
party native libraries for security purposes (defense in depth).
I imagine there is a library path that can be checked somewhere to
ensure JNI only allows the /system prefix. Alternatively, the LSM hook
for mmap could be useful.
While this won't stop users from rooting their devices when kernel
privilege escalation vulnerabilities inevitably emerge, it provides a
nice buffer between the time the vulnerability is found and the time a
security patch is deployed, which will protect many normal users.
I'm going to take a look at generating a patch when I get a chance, but
that might not be for a little while. If anyone starts to work on this,
please let me know.
Thanks,
-Will
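To make the "/system prefix" idea in the message concrete, here is an added example of the check a native-library loader could run on a path before handing it to dlopen(3). It is my own illustration for this thread, not Will's code and not anything from the Android source tree; the SYSTEM_PREFIX constant, the function names and the sample paths are all assumptions constructed for the example. The point it shows beyond the message itself is what a naive strncmp would get wrong: "/systemx/evil.so" shares the prefix, and "/system/lib/../../data/app/evil.so" starts under /system but does not end there, so the path has to be normalized first.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed policy: only libraries under this prefix may be loaded. */
#define SYSTEM_PREFIX "/system/"
#define NORM_BUF 4096

/* Lexically normalize an absolute path: collapse runs of '/', drop "."
 * components and resolve ".." (with "/.." pinned at the root, as the
 * kernel does). Returns false for NULL, relative or over-long paths.
 * Purely lexical: it never touches the filesystem, so it cannot see
 * symlinks or bind mounts (see the note after the block). */
bool normalize_path(const char *in, char *out, size_t outlen)
{
    if (in == NULL || in[0] != '/' || outlen < 2)
        return false;

    size_t n = 0;
    out[n++] = '/';                      /* out always starts at the root */

    const char *p = in;
    while (*p != '\0') {
        while (*p == '/')
            p++;                         /* skip one or more separators */
        if (*p == '\0')
            break;
        const char *seg = p;
        while (*p != '\0' && *p != '/')
            p++;
        size_t seglen = (size_t)(p - seg);

        if (seglen == 1 && seg[0] == '.')
            continue;                    /* "." is a no-op */
        if (seglen == 2 && seg[0] == '.' && seg[1] == '.') {
            if (n > 1) {                 /* "..": pop the last component */
                while (out[n - 1] != '/')
                    n--;
                if (n > 1)
                    n--;                 /* drop its '/', but keep the root */
            }
            continue;
        }
        if (n + 1 + seglen + 1 > outlen)
            return false;                /* would not fit with the NUL */
        if (n > 1)
            out[n++] = '/';
        memcpy(out + n, seg, seglen);
        n += seglen;
    }
    out[n] = '\0';
    return true;
}

/* Policy check: true only if the normalized path names something strictly
 * below /system/. Both halves matter: the prefix compare rejects
 * "/data/...", and the "something after the prefix" test rejects
 * "/system/" itself; normalization is what defeats "/systemx" lookalikes
 * being accepted via ".." tricks and "../.." escapes being accepted. */
bool path_under_system(const char *path)
{
    char norm[NORM_BUF];
    if (!normalize_path(path, norm, sizeof norm))
        return false;
    size_t plen = strlen(SYSTEM_PREFIX);
    return strncmp(norm, SYSTEM_PREFIX, plen) == 0 && norm[plen] != '\0';
}

/* Stand-alone demo over constructed sample paths (not real device paths). */
int main(void)
{
    static const char *const samples[] = {
        "/system/lib/libc.so",
        "/system//lib/./libfoo.so",
        "/data/app/../../system/lib/libbar.so",
        "/system/lib/../../data/app/evil.so",
        "/systemx/lib/evil.so",
        "/system/",
        "data/app/evil.so",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-42s %s\n", samples[i],
               path_under_system(samples[i]) ? "ALLOW" : "DENY");
    return 0;
}
```

Two caveats a loader would still have to handle: the check is lexical, so a symlink or bind mount under the allowed tree is invisible to it, which is why a real implementation would first canonicalize with realpath(3) against the live filesystem; and a bare library name passed to dlopen(3) goes through the library search path rather than a fixed location, so the check has to run on the resolved absolute path, not on the name the app supplied. The LSM mmap hook mentioned in the message sidesteps the string problem entirely, since it sees the opened file rather than a path.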