Open tareksander opened 2 years ago
Gonna start reviewing code now for sockets in termux-api
and termux-app
. You did apparently put a UID check on app side. If we use file system socket from termux-app
, then probably should not be a problem. Will look into it.
For the main Termux app it's sort of a last line of defense, you would have to have really messed up SELinux and filesystem permissions for other apps to even be able to see the socket file.
That check is only for the new direct connection, I meant the connection used when returning the result:
https://github.com/termux/termux-api/blob/master/app/src/main/java/com/termux/api/util/ResultReturner.java
https://github.com/termux/termux-api-package/blob/master/termux-api.c#L409
Because the sockets are created in the abstract namespace, anyone could create them or connect to them.
With the recent vulnerabilities in Termux maybe it would be good to add a UID check and only allow Termux and root to connect, the same on the termux-api-package side.