What steps will reproduce the problem?
1. From Android shell: ls -l -a
/data/data/com.googlecode.droidwall.free/app_bin/droidwall.sh
2. Notice that droidwall.sh is globally writable and that it is executed as
root by the application
What is the expected output? What do you see instead?
This file should not be globally readable, writable or executable. By having it
globally writable, this means that any application can write into that file
allowing for the possible execution of arbitrary commands as root.
What version of the product are you using? On what operating system?
Version 1.5.7 on GINGERBREAD 2.3.6
Please provide any additional information below.
Discovered by Tyrone Erasmus - MWR Labs
Original issue reported on code.google.com by tyrone.e...@gmail.com on 8 Jun 2012 at 11:29
Original issue reported on code.google.com by
tyrone.e...@gmail.comon 8 Jun 2012 at 11:29