On Tue, Sep 7, 2010 at 1:28 PM, Chris Palmer <[email protected]> wrote:
> On Tue, Sep 7, 2010 at 10:23 AM, Earlence <[email protected]> wrote: > > > but this is only thru the adb shell. > > Yes. And that's a good thing. > > > Rooted phones give normal application processes access to su and hence > > privileged commands. > > Sounds like a horrible security risk to me! :) > > That is why the superuser app (standard root provider for almost 2 years) prompts the user to get permission for the app before allowing su. (Cuz unfortunately, at the end of the day it is the user's device. Allowing them to do what they want with it is only as risky as any other security permission.) For a great example, look at the launcherpro security list some time - http://www.cyrket.com/p/android/com.fede.launcher/. It is a legit list for a complicated app, but there isn't much that a root app can do that isn't already on that list. Certainly the harmful stuff is all covered, including a lot of stuff root apps can't do or can't reasonably do.. > How can this be emulated? > > Another poster already told you: Get root via adb, and then install a > setuid-root copy of su or sh or something. Then, apps on the emulator > can invoke that program and be root. > > Or just install the superuser app, thereby ending up with an emulator that is like 99+% of rooted devices.. > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]<android-security-discuss%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
