cvb456456 / droidwall

Automatically exported from code.google.com/p/droidwall
0 stars 0 forks source link

Dangerous file permissions on droidwall.sh #260

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?

1. From Android shell: ls -l -a 
/data/data/com.googlecode.droidwall.free/app_bin/droidwall.sh
2. Notice that droidwall.sh is globally writable and that it is executed as 
root by the application

What is the expected output? What do you see instead?

This file should not be globally readable, writable or executable. By having it 
globally writable, this means that any application can write into that file 
allowing for the possible execution of arbitrary commands as root.

What version of the product are you using? On what operating system?

Version 1.5.7 on GINGERBREAD 2.3.6

Please provide any additional information below.

Discovered by Tyrone Erasmus - MWR Labs

Original issue reported on code.google.com by tyrone.e...@gmail.com on 8 Jun 2012 at 11:29