- the system partition is mounted read-only. and...
- the files and directories on the system partition aren't world-writeable.

JBQ

On Tue, Aug 2, 2011 at 1:12 AM, patrick Immling <[email protected]> wrote:
> Correction:
> And the way to break down the Android is to rip through the security barrier
> by means of a privilege escalation.
> PS:
> Also, just a quick question:
> So I still miss the fact about how such native exploits like what I have
> done here (you know, manually doing an adb push my exploit binary etc), get
> distributed?
> Are native exploits also always packaged as applications (Appstore/internet)?
> How else can android exploits be distributed?
> And how is the Android community preventing this?
>
> On Tue, Aug 2, 2011 at 10:02 AM, patrick Immling <[email protected]>
> wrote:
>>
>> Dear All,
>> As I understand, the Apps residing in /data are not allowed to SUID. Only
>> the /system partition files can do this. Isn't it?
>> And the way to break down the Android is to rip through the security
>> barrier is to find a way to compromise it is through a privilege escalation.
>> I was just wondering that with Apps executing native code not being able
>> to bring about a temporary privilege escalation, how else was it done by say
>> Rageagainstthecage or some other exploit?
>> So then I thought of the following:
>> 1. A native code which exploits an existing error in kernel code where
>> there is possible privilege escalation (like say similar to
>> Rageagainstthecage where a daemon running as root doesn't check the return
>> of setuid call).
>> 2. Compile my code against the arm-gcc and then move the executable to
>> my phone as below.
>> 3. Start my emulator and do : adb push myexploit /system/destdir
>> 4. Then run from here.
>>
>> I know I must be missing something, for it can't be that easy or??
>>
>> Thanks.
>>
>>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Android Security Discussions" group.
> To post to this group, send email to
> [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/android-security-discuss?hl=en.
>

--
Jean-Baptiste M. "JBQ" Queru
Software Engineer, Android Open-Source Project, Google.

Questions sent directly to me that have no reason for being private will
likely get ignored or forwarded to a public forum with no further warning.
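The two properties named in the reply can be checked on a device or image. The script below is an added example, not part of the thread: the function names are hypothetical, and it assumes a mount table in /proc/mounts format. Options are compared as whole tokens, so `ro` is not confused with `rootfs` or `relatime`.

```shell
#!/bin/sh
# Added example (not from the thread): audit the read-only and
# not-world-writable properties of a mount point such as /system.

# mount_has_opt MOUNTS_FILE MOUNTPOINT OPTION
# Exit 0 if MOUNTPOINT is mounted with OPTION, 1 if not, 2 if it is not mounted.
mount_has_opt() {
    awk -v mp="$2" -v opt="$3" '
        $2 == mp { opts = $4; seen = 1 }   # a later mount shadows earlier ones
        END {
            if (!seen) exit 2
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == opt) exit 0
            exit 1
        }' "$1"
}

# world_writable DIR
# Print files and directories under DIR (same filesystem only) that carry the
# other-write bit. Symlinks are skipped because their mode bits are not enforced.
world_writable() {
    find "$1" -xdev \( -type f -o -type d \) -perm -0002 -print 2>/dev/null
}

# audit_system MOUNTS_FILE MOUNTPOINT DIR
# DIR is the path where MOUNTPOINT is visible to this script.
# Return 0 only if both properties hold.
audit_system() {
    rc=0
    if mount_has_opt "$1" "$2" ro; then
        echo "OK   $2 is mounted read-only"
    else
        echo "FAIL $2 is not mounted read-only (or not mounted)"
        rc=1
    fi
    ww=$(world_writable "$3")
    if [ -n "$ww" ]; then
        echo "FAIL world-writable entries under $3:"
        echo "$ww"
        rc=1
    else
        echo "OK   nothing under $3 is world-writable"
    fi
    return "$rc"
}

# Usage: sh audit.sh /proc/mounts /system /system
if [ "$#" -eq 3 ]; then
    audit_system "$1" "$2" "$3"
fi
```

The same `mount_has_opt` call with `/data nosuid` checks the setuid restriction on /data that the question mentions.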
