search

MaulanaRyM / FakeRoot

Install fake root in termux
MIT License
155 stars 51 forks source link

Error : fakerootkey not defined #1

Open cooltod opened 3 years ago

cooltod commented 3 years ago

Screenshot_2021-04-12-23-42-48-862_com termux

Error details:

libfakeroot: FAKEROOTKEY not defined in environment

Amrris commented 1 year ago

Wh

Amrris commented 1 year ago

https://github.com/MaulanaRyM/FakeRoot/issues/1#issue-856227510

Amrris commented 1 year ago

95.185.213.47

mikewho2 commented 1 year ago

This script is written in Python and employs some interesting techniques, including the use of marshalling. Here's an overview of the script:

Marshalling: The script uses Python's built-in marshal module, which is used for serializing and deserializing Python objects. In this script, marshal.loads() is used to load serialized code (marshalled data) represented as a string.

Executing Marshalled Code: The marshalled code is directly executed using exec(). The exec() function is powerful and potentially dangerous. It runs the code it's passed with the current scope. This means that if the code is provided from an untrusted source, it can cause serious security issues, as it can run any Python command.

Now, discussing the security implications:

Code Obfuscation: The usage of marshalling here is a form of code obfuscation. It's unclear what the marshalled code does without reversing it back to its original form. This can be a potential security issue as it hides the true intentions of the code, which could be harmful or malicious.

Arbitrary Code Execution: The exec() function can execute any Python code, which makes it a serious security risk if the input to exec() is not controlled or is obtained from an untrusted source. In this script, exec() is used to execute the unmarshalled code. If the unmarshalled code is malicious, it will be executed without any checks.

Lack of Input Validation/Sanitization: The script does not have any input validation or sanitization, making it more vulnerable to security issues.

What this could do depends entirely on the code that is unmarshalled. It could do anything that Python is capable of doing, which includes but is not limited to: file manipulation (read/write), network communication, starting other processes, loading other modules, etc. Without knowing the contents of the marshalled code, it's hard to say definitively.

In conclusion, it's crucial to never run such scripts unless you are completely sure about the source of the marshalled data and trust it completely. It's always recommended to review and understand the complete code before executing it, especially when exec() and marshalling are involved