On 01/08/2013 09:58 AM, Peck, Michael A wrote:
> David Weinstein of viaForensics discovered a denial of service
> vulnerability in some Android devices that can be triggered by reading a
> file in /sys/kernel/debug:
> https://viaforensics.com/android-forensics/permission-android-app-reboots-galaxy-nexus.html
> For example, “cat /sys/kernel/debug/ion/1” makes my Galaxy Nexus maguro
> running a recent AOSP master + SEAndroid reboot.
> Is there a good reason for the debugfs boolean in domain.te to be set to
> true by default? Is it used for crash reporting? Does it need to be
> readable by all apps?
> Setting it to false prevents this attack.

I think we saw the attempted accesses to debugfs on Galaxy Nexus during
normal operation and therefore enabled it by default. We didn't fully
investigate what functionality is impaired by disabling it. I'd be open
to switching the default.
--
This message was distributed to subscribers of the seandroid-list mailing list.
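As an added illustration (not the project's actual domain.te text; the rule shape and the r_dir_perms/r_file_perms macro names are assumptions), this is how a policy boolean gates debugfs access for every domain, and the one-line change the reply is open to:

```selinux
# Illustrative SEAndroid-style fragment (added example, not the real domain.te).
# The boolean controls whether the conditional rules below are compiled in.
#
# Weak default (what the thread describes): "bool debugfs true;" leaves the
# rules active, so any app domain may read files under /sys/kernel/debug,
# including the ion node that crashes the Galaxy Nexus kernel.
#
# Hardened default: declare the boolean false. The rules inside the if-block
# are then inactive, the read is refused by the kernel before it reaches the
# faulty driver, and the attempt shows up as an AVC denial for auditing.
bool debugfs false;

if (debugfs) {
    allow domain debugfs:dir r_dir_perms;
    allow domain debugfs:file r_file_perms;
}
```

Because the rules stay in the policy, the boolean can still be switched on at runtime for crash-reporting or debugging work without a policy rebuild, which is what makes the false default a low-cost mitigation to evaluate.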