On Mon, Jul 20, 2009 at 4:14 PM, Disconnect <dc.disconn...@gmail.com> wrote:
> /data only contains - on this running dream, with mostly standard firmware > - a few directories, none of which are directly application related and all > of which appear to be standard: What is a "mostly standard firmware" exactly? Are you referring to one of the JF builds? > > drwxrwx--x shell shell 2009-05-28 19:49 local > drwxrwx--x system system 2009-05-28 19:49 data > drwx------ root root 2009-05-28 19:49 property > drwxrwx--x system system 2009-05-28 19:49 app-private > drwxrwxr-x system system 2009-05-28 19:49 system > drwxr-xr-x system system 2009-05-30 20:41 tombstones > drwxrwx--x system system 2009-05-28 19:49 dalvik-cache > drwxrwx--- root root 2009-05-28 19:49 lost+found > drwxrwx--x system system 2009-05-28 19:49 app > drwxrwxrwx system system 2009-05-28 19:49 anr > drwxrwx--- root root 2009-05-28 19:49 lost+found > drwxrwx--t system misc 2009-05-28 19:49 misc > drwxrwx--- root root 2009-05-28 19:49 lost+found > > Most of those are world-readable anyway.. (and joy, that lost+found bug > still lives. Fun.) > > Even if we assume /data/data, then if that were true guessing the > application name would have the same vulnerability. Reading /data/data is an > information leak (what apps are installed, and/or might have data saved) but > it is not an application-data leak. > > As an aside, there are some definite leaks in that list - anr/traces.txt > for example. And why are all the application data directories > world-readable? That sounds like a much bigger potential problem than being > able to see that /data has a standard layout. > > > On Mon, Jul 20, 2009 at 2:25 AM, Romain Guy<romain...@google.com> wrote: > > > > That would (potentially) allow any application to read and write the > > data of other applications. So yes, there's a threat. > > > > On Sun, Jul 19, 2009 at 11:23 PM, tstanly<tsai.sta...@gmail.com> wrote: > >> > >> hi, > >> > >> i change the mode for /data, > >> chmod 777 /data > >> it's work! > >> > >> > >> but is there have threat for changoing directory mode?? > >> > >> > >> thanks! > >> > >> > >> > >> On 7月20日, 下午2時04分, tstanly <tsai.sta...@gmail.com> wrote: > >>> hi all, > >>> > >>> use file class, > >>> file("/data").listfiles(); > >>> there is notiong can show, > >>> > >>> but use > >>> file("/").listfiles(); > >>> it works! > >>> > >>> so is there some limit for directory under /data ?? > >>> > >>> thanks! > >> > > >> > > > > > > > > -- > > Romain Guy > > Android framework engineer > > romain...@android.com > > > > Note: please don't send private questions to me, as I don't have time > > to provide private support. All such questions should be posted on > > public forums, where I and others can see and answer them > > > > > > > > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers-unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~----------~----~----~----~------~----~------~--~---