On 13 August 2012 05:47, Jann Horn <[email protected]> wrote: > Hello, > on Android, everyone who wants to give apps root access to his phone uses the > Superuser application by ChainsDD. However, from a security perspective, that > might be a somewhat bad idea. > > First, it's not really Open Source anymore, so you can't easily check whether > everything works the way it should. Well, there are two github repos, one for > the "su" binary and one for the Superuser app, but the one for the app is > outdated. In fact, if you choose to build the Superuser app from source, you > will get a vulnerable system because it still contains a vuln that is fixed > in the more recent binary releases. > > Also, there are open, known vulns that the author doesn't seem to care about. > You might want to have a look at > https://github.com/ChainsDD/Superuser/issues/52 - whenever you choose to > update the "su" binary using the Superuser app, unsigned code will be > downloaded over HTTP and installed as a setuid root program on your device. > This bug report is a month old, no comment from the developer, not fixed yet. > And finally, I've found another vuln that essentially lets apps gain root > rights without asking the user, and I will release all details about it in > two weeks.
/me not surprised. -- David. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
