I am currently working on a similar issue. There is another problem to think about with the system server in a situation dealing with escalation of privleges. Whatever monitoring tool that is used must be non-killable. If the tool can be killed by a root user than there will be a potential race condition between the escalation of privilege malware and the monitoring service. If the service wins, you beat the malware. If the malware wins, you lose the Android device.
Cheers, Nathaniel Husted Indiana University On Mon, Aug 15, 2011 at 12:14 PM, Rodrigo Chiossi <[email protected]> wrote: > The idea seems good, but looking back to some of the exploits for Android, > many were related to error while dropping privileges instead of elevating > privileges. In this scenario you have a process with legitimate privilege > failing to drop to a less privileged user, which means your proposed service > would be unable to detect it. > Rodrigo Chiossi. > > On Thu, Aug 11, 2011 at 9:46 PM, Earlence <[email protected]> wrote: >> >> There will always be that unfound bug which will lead to a privilege >> escalation, however, I am thinking of a way to reduce the damage an >> escalation can cause, even though it elevates its privileges. >> >> The idea revolves around the existence of a system server whose sole >> purpose is to detect and terminate processes that have illegally >> elevated their uids, and a hook in setuid. >> >> Basically, every app that needs to elevate (illegally or legally >> otherwise) will use setuid, this will proxy the call to the manager >> which maintains a list of all processes that are legally allowed to >> elevate privileges within the confines of the security state of the >> phone. >> >> Thoughts? Suggestions? >> >> If this is a good idea, I would like to contribute it. >> >> Cheers, >> Earlence >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Android Security Discussions" group. >> To post to this group, send email to >> [email protected]. >> To unsubscribe from this group, send email to >> [email protected]. >> For more options, visit this group at >> http://groups.google.com/group/android-security-discuss?hl=en. >> > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
