Ok 'mount' via terminal gives permission denied. seems good On Wed, Aug 3, 2011 at 9:01 AM, patrick Immling <[email protected]>wrote:
> Thanks a lot for all your responses. > > And btw is it so that all services/activities within the system partition > only have a temporary privilege escalation to root? Or is there anything on > the system partition like some daemons all the time running as root? And if > not, is this done as a conscious security step? > > @JBQ: Ok then is remount/mount command on system or data partition allowed > from terminal for all users?? This way we just have to remount the partition > to r-w and then execute or? I'm sure it isn't but just checking :) > > @Chris: So the ONLY way exploits gets into the Android is by means of Apps. > Or to elaborate, even native exploits are hidden inside an apk and then > distributed. What about manipulating some library and letting users use this > .so? Is it even possible? And since any App calling this library would say, > get root permission and do some damage?? > I am only musing loudly as to what possibilities exist to attack android. > > @Kevin:Users must be given fine grained revokeable control of > > apps. What users care about and what needs securing is almost always > under their default priviledges anyway. Good one :) > > > On Tue, Aug 2, 2011 at 8:21 PM, Kevin Chadwick <[email protected]>wrote: > On Tue, 2 Aug 2011 10:02:01 +0200 > patrick Immling <[email protected]> wrote: > > > And the way to break down the Android is to rip through the security > barrier > > is to find a way to compromise it is through a privilege escalation. > > The main thing attackers need root for is to hide a backdoor or activity > away and make sure your device stays under their control forever or > maybe to upgrade your device to avoid the exploits providers subject > you to. As demonstarted by Windows most attacks aren't that > sophisticated. Users must be given fine grained revokeable control of > apps. What users care about and what needs securing is almost always > under their default priviledges anyway. > > > > On Tue, Aug 2, 2011 at 8:21 PM, Kevin Chadwick <[email protected]>wrote: > >> On Tue, 2 Aug 2011 10:02:01 +0200 >> patrick Immling <[email protected]> wrote: >> >> > And the way to break down the Android is to rip through the security >> barrier >> > is to find a way to compromise it is through a privilege escalation. >> >> The main thing attackers need root for is to hide a backdoor or activity >> away and make sure your device stays under their control forever or >> maybe to upgrade your device to avoid the exploits providers subject >> you to. As demonstarted by Windows most attacks aren't that >> sophisticated. Users must be given fine grained revokeable control of >> apps. What users care about and what needs securing is almost always >> under their default priviledges anyway. >> >> -- >> Kevin Chadwick <[email protected]> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Android Security Discussions" group. >> To post to this group, send email to >> [email protected]. >> To unsubscribe from this group, send email to >> [email protected]. >> For more options, visit this group at >> http://groups.google.com/group/android-security-discuss?hl=en. >> >> > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
