Rodrigo: true. But this will be helpful in curbing malware. Even after the device has been rooted, setuid HAS to be called to elevate. Therefore, this should prevent that.
Nathaniel: Race condition is true. However, the check is performed in setuid, that means, the system server is invoked before the escalation is complete, and hence, before the malware process becomes root.

-Earlence

On Aug 16, 3:42 am, Nathaniel Husted <[email protected]> wrote:
> I am currently working on a similar issue. There is another problem to
> think about with the system server in a situation dealing with
> escalation of privileges. Whatever monitoring tool that is used must be
> non-killable. If the tool can be killed by a root user then there will
> be a potential race condition between the escalation of privilege
> malware and the monitoring service. If the service wins, you beat the
> malware. If the malware wins, you lose the Android device.
>
> Cheers,
> Nathaniel Husted
> Indiana University
>
> On Mon, Aug 15, 2011 at 12:14 PM, Rodrigo Chiossi <[email protected]> wrote:
> > The idea seems good, but looking back to some of the exploits for Android,
> > many were related to error while dropping privileges instead of elevating
> > privileges. In this scenario you have a process with legitimate privilege
> > failing to drop to a less privileged user, which means your proposed service
> > would be unable to detect it.
> > Rodrigo Chiossi.
>
> > On Thu, Aug 11, 2011 at 9:46 PM, Earlence <[email protected]> wrote:
>
> >> There will always be that unfound bug which will lead to a privilege
> >> escalation, however, I am thinking of a way to reduce the damage an
> >> escalation can cause, even though it elevates its privileges.
>
> >> The idea revolves around the existence of a system server whose sole
> >> purpose is to detect and terminate processes that have illegally
> >> elevated their uids, and a hook in setuid.
>
> >> Basically, every app that needs to elevate (illegally or legally
> >> otherwise) will use setuid, this will proxy the call to the manager
> >> which maintains a list of all processes that are legally allowed to
> >> elevate privileges within the confines of the security state of the
> >> phone.
>
> >> Thoughts? Suggestions?
>
> >> If this is a good idea, I would like to contribute it.
>
> >> Cheers,
> >> Earlence
>
> >> --
> >> You received this message because you are subscribed to the Google Groups
> >> "Android Security Discussions" group.
> >> To post to this group, send email to
> >> [email protected].
> >> To unsubscribe from this group, send email to
> >> [email protected].
> >> For more options, visit this group at
> >> http://groups.google.com/group/android-security-discuss?hl=en.
