Correction: And the way to break down the Android is to rip through the security barrier by means of a privilege escalation.
PS: Also, just a quick question: I still miss the fact about how native exploits like what I have done here (you know, manually doing an adb push of my exploit binary etc.) get distributed. Are native exploits also always packaged as applications (Appstore/internet)? How else can Android exploits be distributed? And how is the Android community preventing this?

On Tue, Aug 2, 2011 at 10:02 AM, patrick Immling <[email protected]> wrote:
> Dear All,
>
> As I understand, the Apps residing in /data are not allowed to SUID. Only
> the /system partition files can do this. Isn't it?
>
> And the way to break down the Android is to rip through the security
> barrier is to find a way to compromise it is through a privilege escalation.
>
> I was just wondering that with Apps executing native code not being able to
> bring about a temporary privilege escalation, how else was it done by say
> Rageagainstthecage or some other exploit?
>
> So then I thought of the following:
>
> 1. A native code which exploits an existing error in kernel code where
> there is possible privilege escalation (like say similar to
> Rageagainstthecage where a daemon running as root doesn't check the return
> of the setuid call).
>
> 2. Compile my code against arm-gcc and then move the executable to
> my phone as below.
>
> 3. Start my emulator and do: adb push myexploit /system/destdir
>
> 4. Then run it from here.
>
>
> I know I must be missing something, for it can't be that easy or??
>
>
> Thanks.
>

--
You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
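The quoted message points at the defect behind the Rageagainstthecage class of bugs: a root daemon that calls setuid() and never inspects the result. The following is an added example, not code from the thread or from Android, showing the unchecked pattern beside a fail-closed version that verifies the drop actually took effect. The helper names (`drop_succeeded`, `drop_privileges_unchecked`, `drop_privileges_checked`) and the target uid in `main` are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Pure decision helper: given setuid()'s return code and the ids the process
 * reports afterwards, decide whether the privilege drop really happened.
 * Keeping the decision separate from the syscall makes it unit-testable. */
int drop_succeeded(int setuid_rc, uid_t target, uid_t ruid, uid_t euid)
{
    if (setuid_rc != 0)
        return 0;
    /* Do not trust the return value alone; confirm by re-reading the ids. */
    return ruid == target && euid == target;
}

/* The bug the thread describes: the result is stored but never inspected.
 * setuid() can legitimately fail (e.g. EAGAIN when the target uid is at its
 * process limit), and on failure the daemon simply carries on as root. */
void drop_privileges_unchecked(uid_t target)
{
    int rc = setuid(target);
    (void)rc; /* ignored: this is the insecure pattern */
}

/* Fail closed: return 0 only when the process is verifiably running as
 * target. Callers must treat -1 as fatal and must not continue serving. */
int drop_privileges_checked(uid_t target)
{
    int rc = setuid(target);
    if (rc != 0) {
        fprintf(stderr, "setuid(%u) failed: %s\n",
                (unsigned)target, strerror(errno));
        return -1;
    }
    if (!drop_succeeded(rc, target, getuid(), geteuid())) {
        fprintf(stderr, "setuid(%u) returned 0 but ids did not change\n",
                (unsigned)target);
        return -1;
    }
    return 0;
}

/* Stand-alone demo: drop to the unprivileged "nobody" uid (assumed to be
 * 65534 here), then to our own real uid, which is always permitted. */
int main(void)
{
    const uid_t nobody = 65534; /* assumption for the demo */

    if (drop_privileges_checked(nobody) == 0)
        printf("now running as uid %u\n", (unsigned)getuid());
    else
        printf("refusing to continue with elevated privileges\n");

    if (drop_privileges_checked(getuid()) == 0)
        printf("setuid to own uid %u verified\n", (unsigned)getuid());
    return 0;
}
```

When run as an ordinary user the first drop fails with EPERM and the checked version reports it; when run as root it succeeds and the process can no longer regain uid 0. The unchecked variant would print nothing in either case and, as root, would keep going only if the kernel happened to let the call succeed.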
