[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAJzxamK=7c_b0==_QwtF3WxUy8yOPvQU8R=M6qQYtGKqXJjG-w@mail.gmail.com>
Date: Thu, 16 Aug 2012 19:50:30 +1000
From: David Black <disclosure@....org>
To: Jann Horn <jannhorn@...glemail.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: The Android Superuser App
On 13 August 2012 05:47, Jann Horn <jannhorn@...glemail.com> wrote:
> Hello,
> on Android, everyone who wants to give apps root access to his phone uses the
> Superuser application by ChainsDD. However, from a security perspective, that
> might be a somewhat bad idea.
>
> First, it's not really Open Source anymore, so you can't easily check whether
> everything works the way it should. Well, there are two github repos, one for
> the "su" binary and one for the Superuser app, but the one for the app is
> outdated. In fact, if you choose to build the Superuser app from source, you
> will get a vulnerable system because it still contains a vuln that is fixed
> in the more recent binary releases.
>
> Also, there are open, known vulns that the author doesn't seem to care about.
> You might want to have a look at
> https://github.com/ChainsDD/Superuser/issues/52 - whenever you choose to
> update the "su" binary using the Superuser app, unsigned code will be
> downloaded over HTTP and installed as a setuid root program on your device.
> This bug report is a month old, no comment from the developer, not fixed yet.
> And finally, I've found another vuln that essentially lets apps gain root
> rights without asking the user, and I will release all details about it in
> two weeks.
/me not surprised.
--
David.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists