search

MatthewRoss1985 / android-casual

Automatically exported from code.google.com/p/android-casual
0 stars 0 forks source link

Use common sense in regard to security #13

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
CASUAL/communicationstools/adb/busybox/BusyboxTools.java:/*  66 */     String 
temp = this.shell.silentShellCommand(new String[] { 
this.adb.getBinaryLocation(), "shell", "chmod 777 /data/local/tmp/busybox;ls 
/data/local/tmp/busybox" });
CASUAL/communicationstools/adb/busybox/BusyboxTools.java:/* 101 */     String 
check = new Shell().sendShellCommand(new String[] { 
this.adb.getBinaryLocation(), "shell", "chmod 777 /data/local/tmp/busybox;ls 
/data/local/tmp" });

World writable files are a security concern, especially when they are 
executables and used by higher privileged users. In this case this can be used 
by any application to escalate to root or shell user depending on how it is 
being used.

chmod 755 is a better choice.

Original issue reported on code.google.com by jc...@cunninglogic.com on 16 Jan 2014 at 6:32

GoogleCodeExporter commented 9 years ago 
Accepted and will be addressed in the next revision.  This was a convience 
feature introduced during debugging for on-device terminal use.

Original comment by adamoutler@gmail.com on 16 Jan 2014 at 7:16

GoogleCodeExporter commented 9 years ago

Original comment by adamoutler@gmail.com on 16 Jan 2014 at 7:17

GoogleCodeExporter commented 9 years ago 
Fixed in R1003.   I appreciate the audit JCase!  

https://code.google.com/p/android-casual/source/detail?r=1003

Original comment by adamoutler@gmail.com on 16 Jan 2014 at 7:26