The idea seems good, but looking back to some of the exploits for Android, many were related to error while dropping privileges instead of elevating privileges. In this scenario you have a process with legitimate privilege failing to drop to a less privileged user, which means your proposed service would be unable to detect it.
Rodrigo Chiossi. On Thu, Aug 11, 2011 at 9:46 PM, Earlence <[email protected]> wrote: > There will always be that unfound bug which will lead to a privilege > escalation, however, I am thinking of a way to reduce the damage an > escalation can cause, even though it elevates its privileges. > > The idea revolves around the existence of a system server whose sole > purpose is to detect and terminate processes that have illegally > elevated their uids, and a hook in setuid. > > Basically, every app that needs to elevate (illegally or legally > otherwise) will use setuid, this will proxy the call to the manager > which maintains a list of all processes that are legally allowed to > elevate privileges within the confines of the security state of the > phone. > > Thoughts? Suggestions? > > If this is a good idea, I would like to contribute it. > > Cheers, > Earlence > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
