Open lindi2 opened 10 years ago
It seems that some syscalls such as exec are restricted by Samsung's special kernel. Please check the kernel source code for the symbols related to SEC*.
Thanks for the pointer! It seems that the fork() call causes the execve() to work because the process is now a child of the init process and that case is explicitly allowed in the Samsung patch:
```c
/* 1. Allowed case - init process. */
if (current->pid == 1 || parent_tsk->pid == 1)
	goto out;
```
I'd like to run Debian in a chroot. I think I need to disable these restrictions before normal binaries like "su" can work in the chroot. Can't we just replace sec_restrict_fork and sec_restrict_uid with stubs that always return 0?
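The following is an added example, not code from this issue or from mole_plough, and it is not lindi2's workaround (which is not reproduced on this page). It shows the orphan-then-exec idiom that the quoted Samsung check permits: the program double-forks, lets the middle process die so the kernel re-parents the grandchild to init (pid 1), and only then calls execve() from the grandchild. That the restriction can be satisfied this way from userland is an assumption drawn from the `parent_tsk->pid == 1` branch above; nothing here touches the kernel. A close-on-exec pipe carries execve()'s errno back to the caller, so a rejected exec shows up as EACCES ("Permission denied") instead of being lost in a detached process. The path `/bin/true` used by the standalone `main` is just a convenient test binary.

```c
/* Added example, not from the issue or from mole_plough: exec from a
 * grandchild that has been re-parented to init so that the quoted
 * Samsung check (parent_tsk->pid == 1) lets execve() through. The
 * double-fork approach is an assumption about how that allowed case is
 * reached; the code only demonstrates the idiom and reports errno. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

struct orphan_exec_result {
    pid_t grandchild_ppid; /* parent pid seen by the grandchild just before execve() */
    int   exec_errno;      /* 0 if execve() replaced the process, else its errno (e.g. EACCES) */
};

/* Read up to `len` bytes, stopping early only if the writer closes the pipe. */
static size_t read_full(int fd, void *buf, size_t len)
{
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, (char *)buf + got, len - got);
        if (n <= 0) break;
        got += (size_t)n;
    }
    return got;
}

/* Exec `path` with `argv` from a grandchild whose parent is init.
 * Returns 0 and fills *out, or -1 if the local setup (pipe/fork) failed. */
static int exec_as_orphan(const char *path, char *const argv[],
                          struct orphan_exec_result *out)
{
    int info[2], err[2];
    if (pipe(info) < 0) return -1;
    if (pipe(err) < 0) { close(info[0]); close(info[1]); return -1; }
    /* Close-on-exec: a successful execve() closes err[1] and the parent reads
     * EOF; a failed execve() leaves it open so the grandchild can send errno. */
    fcntl(err[1], F_SETFD, FD_CLOEXEC);

    pid_t mid = fork();
    if (mid < 0) {
        close(info[0]); close(info[1]); close(err[0]); close(err[1]);
        return -1;
    }
    if (mid == 0) {
        pid_t self = getpid();
        pid_t gc = fork();
        if (gc < 0) _exit(127);
        if (gc > 0) _exit(0);   /* middle process dies: the grandchild is now an orphan */

        /* Grandchild: spin until the kernel has re-parented us away from `self`. */
        close(info[0]); close(err[0]);
        while (getppid() == self) usleep(1000);
        pid_t pp = getppid();
        ssize_t w = write(info[1], &pp, sizeof pp); (void)w;
        close(info[1]);

        execv(path, argv);      /* parent is now pid 1, the "allowed case" in the Samsung patch */
        int e = errno;          /* only reached if execv() failed */
        w = write(err[1], &e, sizeof e); (void)w;
        _exit(127);
    }

    /* Parent: reap the middle process, then collect what the grandchild reported. */
    close(info[1]); close(err[1]);
    int status;
    waitpid(mid, &status, 0);

    int rc = -1;
    if (read_full(info[0], &out->grandchild_ppid, sizeof out->grandchild_ppid)
            == sizeof out->grandchild_ppid) {
        int e = 0;
        size_t n = read_full(err[0], &e, sizeof e);
        out->exec_errno = (n == sizeof e) ? e : 0;   /* EOF means execve() succeeded */
        rc = 0;
    }
    close(info[0]); close(err[0]);
    return rc;
}

/* Convenience wrapper: run `path` with no arguments; returns execve()'s errno
 * (0 on success) or -1 on local failure, and optionally the grandchild's ppid. */
static int exec_as_orphan_simple(const char *path, pid_t *ppid_out)
{
    char *const argv[] = { (char *)path, NULL };
    struct orphan_exec_result r;
    if (exec_as_orphan(path, argv, &r) < 0) return -1;
    if (ppid_out) *ppid_out = r.grandchild_ppid;
    return r.exec_errno;
}

int main(int argc, char **argv)
{
    const char *prog = argc > 1 ? argv[1] : "/bin/true";
    pid_t pp = 0;
    int e = exec_as_orphan_simple(prog, &pp);
    if (e < 0) { perror("exec_as_orphan"); return 1; }
    printf("grandchild ppid=%d execve: %s\n", (int)pp, e ? strerror(e) : "ok");
    return e ? 1 : 0;
}
```

On a stock Linux box the grandchild's reported parent is pid 1 (or the nearest child subreaper), and the exec succeeds either way; on the restricted Samsung kernel the point of interest is whether `exec_errno` comes back as 0 or as EACCES once the parent is init. Note the exec'd program is fully detached: the caller cannot collect its exit status, which is why the result is reported over pipes before the exec rather than via waitpid().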
Yes, sure. I actually had a plan to implement such a feature in this repository via a plugin system last year, but it is not done yet. The plugin system has already been made public though: https://github.com/hiikezoe/mole_plough_plugins
Great. Would it make sense to modify get_essential_address to dump all symbols? It would certainly make it easier to debug the memory dumps that I got from /dev/mem. Also, it seems that Samsung does some kernel memory verification: I got a "detected an application attempting unpermitted actions" popup after some time when I neutralized sec_restrict_uid and sec_restrict_fork.
Hi,
on GT-I9195 JDQ39.I9195XXUAMF5 the getuid() call returns 0 but system and execl fail (perror("execl") says "Permission denied"). Any idea what causes this?
I can get execl to work using the following workaround: