Hello Android Security, I've just had an interesting conversation with +Jean-Baptiste Queru and +Dianne Hackborn on G+ (https://plus.google.com/112218872649456413744/posts/dFmpbxfpkfN), and JBQ's advice was to discuss it here.
I wanted to ask you if you plan to back-port that privilege escalation bug that is being successfully exploited by zergRush and could definitely be used by others for less noble purposes than device rooting. It exploits the buffer overflow possibility in the system/core/libsysutils/src/FrameworkListener.cpp module, where limits are not enforced for the following array:

    char *argv[FrameworkListener::CMD_ARGS_MAX];

I could see that the bug has been fixed in ICS:

*** ../android-4.0/system/core/libsysutils/src/FrameworkListener.cpp 2011-12-11 19:54:29.000000000 -0800
--- system/core/libsysutils/src/FrameworkListener.cpp 2011-12-31 11:15:11.000000000 -0800
.... skipped ...
- *q = '\0';
- if (argc >= CMD_ARGS_MAX)
- goto overflow;
.... skipped ...

JBQ has also mentioned that it might've been back-ported to 2.2.3 and 2.3.7, but I've just checked both of them and didn't find the change. Please let me know if you have any plans for back-porting that.

Thanks & have a Happy New Year,
Oleg.
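Review bot: the three lines shown are only the guard (`if (argc >= CMD_ARGS_MAX) goto overflow;`); the `overflow:` label it jumps to and the store into `argv[argc]` that it protects sit in the skipped context, so a back-port to 2.2.3 / 2.3.7 should carry the whole function body including the overflow handling, not just these lines, and the comparison against the older trees should look for the label as well as the check.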

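As an added illustration, not AOSP code and not the FrameworkListener implementation itself: a minimal tokenizer that fills a fixed-size argv array the way the ICS check in the post does, refusing a line with more than CMD_ARGS_MAX arguments instead of writing past the array. The function names and the value 8 for the limit are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define CMD_ARGS_MAX 8   /* assumed limit; the name mirrors FrameworkListener's */

/* Split a space-separated command line into argv[] with a bound.
 * Returns argc on success, or -1 when the line carries more than
 * CMD_ARGS_MAX arguments (or does not fit the scratch buffer).
 * Tokens are copied into buf so the caller's input is untouched;
 * argv entries point into buf. */
int parse_command(const char *line, char *buf, size_t buflen,
                  char *argv[CMD_ARGS_MAX])
{
    int argc = 0;
    if (strlen(line) >= buflen)
        return -1;                     /* line does not fit the scratch buffer */
    strcpy(buf, line);

    char *p = buf;
    while (*p) {
        while (*p == ' ') p++;         /* skip separators */
        if (!*p) break;
        /* This is the bound check the ICS fix adds: without it the
         * next store would write argv[CMD_ARGS_MAX] and beyond. */
        if (argc >= CMD_ARGS_MAX)
            return -1;
        argv[argc++] = p;
        while (*p && *p != ' ') p++;
        if (*p) *p++ = '\0';           /* terminate the token */
    }
    return argc;
}

/* Convenience wrapper: number of arguments in a line, or -1 if rejected. */
int count_args(const char *line)
{
    char buf[256];
    char *argv[CMD_ARGS_MAX];
    return parse_command(line, buf, sizeof buf, argv);
}

int main(void)
{
    printf("%d\n", count_args("mount ro /system"));     /* 3 */
    printf("%d\n", count_args("a b c d e f g h i"));    /* -1: 9 args > CMD_ARGS_MAX */
    return 0;
}
```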