On Mon, Jul 20, 2009 at 4:14 PM, Disconnect <dc.disconn...@gmail.com> wrote:
> /data only contains - on this running dream, with mostly standard firmware
> - a few directories, none of which are directly application related and all
> of which appear to be standard:
What is a "mostly standard firmware" exactly? Are you referring to one of
the JF builds?
>
> drwxrwx--x shell shell 2009-05-28 19:49 local
> drwxrwx--x system system 2009-05-28 19:49 data
> drwx------ root root 2009-05-28 19:49 property
> drwxrwx--x system system 2009-05-28 19:49 app-private
> drwxrwxr-x system system 2009-05-28 19:49 system
> drwxr-xr-x system system 2009-05-30 20:41 tombstones
> drwxrwx--x system system 2009-05-28 19:49 dalvik-cache
> drwxrwx--- root root 2009-05-28 19:49 lost+found
> drwxrwx--x system system 2009-05-28 19:49 app
> drwxrwxrwx system system 2009-05-28 19:49 anr
> drwxrwx--- root root 2009-05-28 19:49 lost+found
> drwxrwx--t system misc 2009-05-28 19:49 misc
> drwxrwx--- root root 2009-05-28 19:49 lost+found
>
> Most of those are world-readable anyway.. (and joy, that lost+found bug
> still lives. Fun.)
>
> Even if we assume /data/data, then if that were true guessing the
> application name would have the same vulnerability. Reading /data/data is an
> information leak (what apps are installed, and/or might have data saved) but
> it is not an application-data leak.
>
> As an aside, there are some definite leaks in that list - anr/traces.txt
> for example. And why are all the application data directories
> world-readable? That sounds like a much bigger potential problem than being
> able to see that /data has a standard layout.
>
>
> On Mon, Jul 20, 2009 at 2:25 AM, Romain Guy<romain...@google.com> wrote:
> >
> > That would (potentially) allow any application to read and write the
> > data of other applications. So yes, there's a threat.
> >
> > On Sun, Jul 19, 2009 at 11:23 PM, tstanly<tsai.sta...@gmail.com> wrote:
> >>
> >> hi,
> >>
> >> i change the mode for /data,
> >> chmod 777 /data
> >> it's work!
> >>
> >>
> >> but is there have threat for changoing directory mode??
> >>
> >>
> >> thanks!
> >>
> >>
> >>
> >> On 7月20日, 下午2時04分, tstanly <tsai.sta...@gmail.com> wrote:
> >>> hi all,
> >>>
> >>> use file class,
> >>> file("/data").listfiles();
> >>> there is notiong can show,
> >>>
> >>> but use
> >>> file("/").listfiles();
> >>> it works!
> >>>
> >>> so is there some limit for directory under /data ??
> >>>
> >>> thanks!
> >> >
> >>
> >
> >
> >
> > --
> > Romain Guy
> > Android framework engineer
> > romain...@android.com
> >
> > Note: please don't send private questions to me, as I don't have time
> > to provide private support. All such questions should be posted on
> > public forums, where I and others can see and answer them
> >
> > >
> >
>
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers-unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
-~----------~----~----~----~------~----~------~--~---
