Message-ID: <20081106162859.GA29004@psychosis.jim.sh>
Date: Thu, 6 Nov 2008 11:28:59 -0500
From: Jim Paris <jim@...n.com>
To: bugtraq@...urityfocus.com
Subject: Re: Applications can open up remote root access on G1 Phone

I wrote:
> Google Android applications on the T-Mobile G1 can spawn a telnetd
> that gives remote root access to your phone:
> 
> http://www.android-unleashed.com/2008/11/howto-get-root-on-your-android-g1-and.html
> 
> This particular method needs user interaction, but a rogue Android app
> could easily run telnetd automatically.  Android apps are not normally
> granted this sort of permission, and granting root is not supposed to
> even be possible.

Hi,

I was mistaken.  Turns out that init spawns a root shell on
/dev/console -- so everything you type automatically gets executed, as
root, as a command.  This is just a bug and requires the user to
physically type at the keyboard.  I don't think it could be exploited
automatically by an application.

-jim
