Dear All,

As I understand, the apps residing in /data are not allowed to SUID. Only the /system partition files can do this. Isn't it?

And the way to break through Android's security barrier is to find a way to compromise it through a privilege escalation. I was just wondering, with apps executing native code not being able to bring about a temporary privilege escalation, how else was it done by, say, Rageagainstthecage or some other exploit?

So then I thought of the following:

1. A native code which exploits an existing error in kernel code where there is a possible privilege escalation (like, say, similar to Rageagainstthecage, where a daemon running as root doesn't check the return of the setuid call).
2. Compile my code with arm-gcc and then move the executable to my phone as below.
3. Start my emulator and do: adb push myexploit /system/destdir
4. Then run it from here.

I know I must be missing something, for it can't be that easy, or??

Thanks.
