| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAPRTkJj+DBZKKKUmJjEKZyzK5Y35My-Ufd2XNnUAjZiMMqPrZQ@mail.gmail.com> Date: Sat, 1 Sep 2012 16:33:47 -0500 From: Alexander Pruss <arpruss@...il.com> To: Dan Rosenberg <dan.j.rosenberg@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: debugfs exploit for a number of Android devices On Wed, Aug 15, 2012 at 8:10 AM, Dan Rosenberg <dan.j.rosenberg@...il.com> wrote: > The sane way to exploit this is to make /data shell-writable, and create or > modify /data/local.prop to contain the string "ro.kernel.qemu=1", which > causes ADB to retain root privileges rather than dropping to user "shell" > since this property convinces it that the device is the emulator. Using > debugfs to modify the filesystem is completely unnecessary and potentially > destructive. Actually, it looks like it's not quite so easy as editing /data/local.prop. My wife just got an Epic 4G Touch with ICS, and it looks like they put ro.kernel.qemu=0 in /system/build.prop, which makes any ro.kernel.qemu=1 setting in /data/local.prop get completely ignored. That's a nice and simple way of getting around many ways of gaining root. I may break down and use debugfs. :-( Alex -- Alexander R. Pruss arpruss@...il.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists