dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
34
share rss forum feed


Anon users

@anonymouse.org
reply to Smokey Bear

Re: Extremely critical vulnerability Samsung Android devices

Not only Samsung's Kernel has WRONG PERMISSIONS to allow free hacking

Anyone using Droidwall (with rooted stock roms, or custom CM roms) from code.google.com/p/droidwall (latest @v1.57) could be hacked... allowing taking over your whole Android phone...

hint: Look carefully for the OTHERS permission at /data/data/com.googlecode.droidwall/app_bin/droidwall.sh

No one with Unix 100 would have made such mistake...

OZO
Premium
join:2003-01-17
kudos:2
I have a different smart phone and, of course, it doesn't have /data/data/com.googlecode.droidwall/app_bin/droidwall.sh file. Do you have a general recommendation what to check there? Like e.g which files must have (or should not have) what permissions, etc... Thanks in advance.
--
Keep it simple, it'll become complex by itself...

Fickey
Terrorists target your backbone

join:2004-05-31
reply to Anon users
said by Anon users :

...Anyone using Droidwall (with rooted stock roms, or custom CM roms) from code.google.com/p/droidwall (latest @v1.57) could be hacked... allowing taking over your whole Android phone...

hint: Look carefully for the OTHERS permission at /data/data/com.googlecode.droidwall/app_bin/droidwall.sh ...

I don't really have any Unix or Linux expertise, but looking at my droidwall.sh & referring to this, I don't see any OTHERS issues. What am I missing?


Anon users

@anonymouse.org
assigning rwx rights for OTHERS is unforgiving in Unix if the user has root privileges. ...Can't commend more, wouldn't detail how to exploit...

Fickey
Terrorists target your backbone

join:2004-05-31
said by Anon users :

assigning rwx rights for OTHERS is unforgiving in Unix if the user has root privileges. ...Can't commend more, wouldn't detail how to exploit...

Understood, but I don't see anything in droidwall.sh that comes close to resembling rwx or 007 or whatever. Maybe because I don't have any custom scripts? Or more likely, it's just over my head.


Anon users

@anonymouse.org
oh, ya don't get my 'riddle' clear, not inside droidwall.sh, just ls -l droidwall.sh