Re: Extremely critical vulnerability Samsung Android devices

Author	All Replies
Anon users @anonymouse.org	reply to Smokey Bear Re: Extremely critical vulnerability Samsung Android devices Not only Samsung's Kernel has WRONG PERMISSIONS to allow free hacking Anyone using Droidwall (with rooted stock roms, or custom CM roms) from code.google.com/p/droidwall (latest @v1.57) could be hacked... allowing taking over your whole Android phone... hint: Look carefully for the OTHERS permission at /data/data/com.googlecode.droidwall/app_bin/droidwall.sh No one with Unix 100 would have made such mistake...
	to forum · permalink · 2012-12-17 20:08:02 ·
OZO Premium join:2003-01-17 kudos:2	I have a different smart phone and, of course, it doesn't have `/data/data/com.googlecode.droidwall/app_bin/droidwall.sh` file. Do you have a general recommendation what to check there? Like e.g which files must have (or should not have) what permissions, etc... Thanks in advance. -- Keep it simple, it'll become complex by itself...
	to forum · permalink · 2012-12-17 21:45:54 ·
Fickey Terrorists target your backbone join:2004-05-31	reply to Anon users said by Anon users : ...Anyone using Droidwall (with rooted stock roms, or custom CM roms) from code.google.com/p/droidwall (latest @v1.57) could be hacked... allowing taking over your whole Android phone... hint: Look carefully for the OTHERS permission at /data/data/com.googlecode.droidwall/app_bin/droidwall.sh ... I don't really have any Unix or Linux expertise, but looking at my droidwall.sh & referring to this, I don't see any OTHERS issues. What am I missing?
	to forum · permalink · 2012-12-18 18:45:46 ·
Anon users @anonymouse.org	assigning rwx rights for OTHERS is unforgiving in Unix if the user has root privileges. ...Can't commend more, wouldn't detail how to exploit...
	to forum · permalink · 2012-12-18 20:28:48 ·
Fickey Terrorists target your backbone join:2004-05-31	said by Anon users : assigning rwx rights for OTHERS is unforgiving in Unix if the user has root privileges. ...Can't commend more, wouldn't detail how to exploit... Understood, but I don't see anything in droidwall.sh that comes close to resembling rwx or 007 or whatever. Maybe because I don't have any custom scripts? Or more likely, it's just over my head.
	to forum · permalink · 2012-12-19 10:43:40 ·
Anon users @anonymouse.org	oh, ya don't get my 'riddle' clear, not inside droidwall.sh, just ls -l droidwall.sh
	to forum · permalink · 2012-12-19 20:29:45 ·

Broadband Tech > Security > Security > Extr. critical vuln. Samsung Android devices [*CONFIRMED*]

Broadband Tech > Security > Security > Extr. critical vuln. Samsung Android devices [CONFIRMED]