Version: 1.5.7 from 9 december 2011
The shell script /data/data/com.googlecode.droidwall.free/app_bin/droidwall.sh
is writable by any app (or the adb shell), which is really bad I think. Isn't
this the script which is run as root?
The following is run by the adb shell user, i.e. an unprivileged user. As seen
all directories in the patch have "x" for other, and the file has "rwx".
$ ls -ld /data
drwxrwx--x system system 2012-09-03 01:31 data
$ ls -ld /data/data
drwxrwx--x system system 2012-11-20 22:12 data
$ ls -ld /data/data/com.googlecode.droidwall.free/
drwxr-x--x u0_a117 u0_a117 2012-11-20 22:13
$ ls -ld /data/data/com.googlecode.droidwall.free/app_bin/>
-rwxrwxrwx u0_a117 u0_a117 36 2012-11-20 22:14 droidwall.sh
Original issue reported on code.google.com by mikma...@gmail.com on 20 Nov 2012 at 9:22
Original issue reported on code.google.com by
mikma...@gmail.comon 20 Nov 2012 at 9:22