1. Account settings -> Composition and Addressing 에서 "Compose message in HTML format"을 uncheck
2. Preferences -> Composition -> Send Options -> Text Format에서 "Convert the message to plain text"로 변환
| 현재 설정된 java 위치 알아내기 (0) | 2014.07.14 |
|---|---|
| 파일 character encoding 알아보기 (0) | 2014.07.13 |
| [screen] detached된 세션 죽이기 (0) | 2014.02.17 |
| [Makefile] 다른 makefile 포함 (0) | 2013.12.30 |
| openssl 을 이용한 암호화 방법 (0) | 2013.11.25 |
참조: 열혈강의 파이썬, 이강성 저
Class 는 하나의 이름 공간이며 기본적으로 다음과 같다.
위에서 상속도 나와있는데 OOP를 아는 사람이라면 쉽게 이해가 가능하다.
class는 위와 같이 header와 body의 형태이며, header의 경우, :를 붙인다. pass는 아무 일도 하지 않고 자리를 채우는 명령문이다.
method의 정의는 다음과 같다.
method를 정의하기 위해서는 def를 사용하며, 첫 인수로 self를 사용한다. 이는 자바에서 쓰는 'this'와 유사하다고 보면 된다.(자기자신의 인스턴스 객체를 가리킨다)
method 호출은 두가지 방법이 있다.
1. Unbound Class Method
egg
2. Bound Instance Method
>>> c.set('egg')
>>> c.put()
egg
class 내부에서의 method 호출은 self. 를 이용하여야 한다.
출처: http://en.wikipedia.org/wiki/%3F:
GNU확장은 다음과 같이 값을 프로세싱을 한번 이상 할 경우, 문제가 되는 경우를 대비해 다음과 같이 operand를 스킵할 수 있게 한다.
a = x ? : y;
상기 라인은 아래와 같다.
a = x ? x : y;
만일 x가 expression이라면, 한번만 프로세싱된다.
| strtok에 NULL을 전달하는 이유 (0) | 2014.05.29 |
|---|---|
| 함수포인터 & typdef를 이용한 함수포인터 (0) | 2014.05.07 |
| [visual studio] 에러 C2143 로컬변수 선언 위치 (0) | 2013.11.24 |
| c precedence table (0) | 2013.11.23 |
| typedef struct 안에서 스스로를 참조 할 때 주의점 (0) | 2013.11.19 |
[ 3.11328] init: skipping insecure file '/default.prop'
[ 3.133259] init: skipping insecure file '/init.rc'
라는 에러 메세지가 나오면서 부팅이 안되면, 이는 다음과 같이 젤리빈(이상버전 동일?)에서 다음과 같이 파일 스탯을 참조하여, owner외에 writable 못하게 막아놓았기 때문이다.
143 char *data; 144 int sz; 145 int fd; 146 struct stat sb; 147 148 data = 0; 149 fd = open(fn, O_RDONLY); 150 if(fd < 0) return 0; 151 152 // for security reasons, disallow world-writable 153 // or group-writable files 154 if (fstat(fd, &sb) < 0) { 155 ERROR("fstat failed for '%s'\n", fn); 156 goto oops; 157 } 158 if ((sb.st_mode & (S_IWGRP | S_IWOTH)) != 0) {
그럼 간단히, 644 혹은, 655 정도로 파일 퍼미션을 바꿔주면 된다.
| Android Exploit (0) | 2014.04.01 |
|---|---|
| [안드로이드] 안드로이드 버전 업데이트 과정 (0) | 2013.12.29 |
| 안드로이드 adb 명령어 리스트 (0) | 2013.12.01 |
| 안드로이드 settings 데이터 알아보기 (0) | 2013.12.01 |
| 안드로이드 system 파티션 remount (0) | 2013.11.28 |
dentry cache hash table size 지정은,
fs/dcache.c에서 alloc_large_system_hash를 통해서 된다. 그전에 dhash_entries는 kernel cmdline에서 지정하여 원하는 값을 패스 할 수 있다.
2965static void __init dcache_init(void) 2966{ 2967 int loop; 2968 2969 /* 2970 * A constructor could be added for stable state like the lists, 2971 * but it is probably not worth it because of the cache nature 2972 * of the dcache. 2973 */ 2974 dentry_cache = KMEM_CACHE(dentry, 2975 SLAB_RECLAIM_ACCOUNT|SLAB_PANIC|SLAB_MEM_SPREAD); 2976 2977 /* Hash may have been set up in dcache_init_early */ 2978 if (!hashdist) 2979 return; 2980 2981 dentry_hashtable = 2982 alloc_large_system_hash("Dentry cache", 2983 sizeof(struct hlist_bl_head), 2984 dhash_entries, 2985 13, 2986 0, 2987 &d_hash_shift, 2988 &d_hash_mask, 2989 0); 2990 2991 for (loop = 0; loop < (1 << d_hash_shift); loop++) 2992 INIT_HLIST_BL_HEAD(dentry_hashtable + loop); 2993}
그리고 만약 dhash_entries값이 0이면(전역비초기화 변수 이므로 0으로 되어 bss영역에 있을 것이다) 5395라인 하위로 타고 들어가, nr_kernel_pages에 기반을 둔 2의 배수를 설정하고 기타 log2작업(아 이건 나중에 보자...)을 통해 hash table size를 출력한다.
5381void *__init alloc_large_system_hash(const char *tablename, 5382 unsigned long bucketsize, 5383 unsigned long numentries, 5384 int scale, 5385 int flags, 5386 unsigned int *_hash_shift, 5387 unsigned int *_hash_mask, 5388 unsigned long limit) 5389{ 5390 unsigned long long max = limit; 5391 unsigned long log2qty, size; 5392 void *table = NULL; 5393 5394 /* allow the kernel cmdline to have a say */ 5395 if (!numentries) { 5396 /* round applicable memory size up to nearest megabyte */ 5397 numentries = nr_kernel_pages; 5398 numentries += (1UL << (20 - PAGE_SHIFT)) - 1; 5399 numentries >>= 20 - PAGE_SHIFT; 5400 numentries <<= 20 - PAGE_SHIFT; 5401 5402 /* limit to 1 bucket per 2^scale bytes of low memory */ 5403 if (scale > PAGE_SHIFT) 5404 numentries >>= (scale - PAGE_SHIFT); 5405 else 5406 numentries <<= (PAGE_SHIFT - scale); 5407 5408 /* Make sure we've got at least a 0-order allocation.. */ 5409 if (unlikely(flags & HASH_SMALL)) { 5410 /* Makes no sense without HASH_EARLY */ 5411 WARN_ON(!(flags & HASH_EARLY)); 5412 if (!(numentries >> *_hash_shift)) { 5413 numentries = 1UL << *_hash_shift; 5414 BUG_ON(!numentries); 5415 } 5416 } else if (unlikely((numentries * bucketsize) < PAGE_SIZE)) 5417 numentries = PAGE_SIZE / bucketsize; 5418 } 5419 numentries = roundup_pow_of_two(numentries); 5420 5421 /* limit allocation size to 1/16 total memory by default */ 5422 if (max == 0) { 5423 max = ((unsigned long long)nr_all_pages << PAGE_SHIFT) >> 4; 5424 do_div(max, bucketsize); 5425 } 5426 5427 if (numentries > max) 5428 numentries = max; 5429 5430 log2qty = ilog2(numentries); 5431 5432 do { 5433 size = bucketsize << log2qty; 5434 if (flags & HASH_EARLY) 5435 table = alloc_bootmem_nopanic(size); 5436 else if (hashdist) 5437 table = __vmalloc(size, GFP_ATOMIC, PAGE_KERNEL); 5438 else { 5439 /* 5440 * If bucketsize is not a power-of-two, we may free 5441 * some pages at the end of hash table which 5442 * alloc_pages_exact() automatically does 5443 */ 5444 if (get_order(size) < MAX_ORDER) { 5445 table = alloc_pages_exact(size, GFP_ATOMIC); 5446 kmemleak_alloc(table, size, 1, GFP_ATOMIC); 5447 } 5448 } 5449 } while (!table && size > PAGE_SIZE && --log2qty); 5450 5451 if (!table) 5452 panic("Failed to allocate %s hash table\n", tablename); 5453 5454 printk(KERN_INFO "%s hash table entries: %ld (order: %d, %lu bytes)\n", 5455 tablename, 5456 (1UL << log2qty), 5457 ilog2(size) - PAGE_SHIFT, 5458 size); 5459 5460 if (_hash_shift) 5461 *_hash_shift = log2qty; 5462 if (_hash_mask) 5463 *_hash_mask = (1 << log2qty) - 1; 5464 5465 return table; 5466}
| 커널 디버깅 방법 (0) | 2014.09.19 |
|---|---|
| syslog LOCAL7 (0) | 2014.08.28 |
| Memory 정보 출력되는 곳 (0) | 2014.04.07 |
| driver 초기화 시에 쓰이는 module_init (0) | 2014.04.04 |
| Machine 이름 바꾸기 (0) | 2014.04.03 |
arch/arm/mm/init.c : mem_init(void)
586 unsigned long reserved_pages, free_pages; 587 struct memblock_region *reg;
/* 633 * Since our memory may not be contiguous, calculate the 634 * real number of pages we have in this system 635 */ 636 printk(KERN_INFO "Memory:"); 637 num_physpages = 0; 638 for_each_memblock(memory, reg) { 639 unsigned long pages = memblock_region_memory_end_pfn(reg) - 640 memblock_region_memory_base_pfn(reg); 641 num_physpages += pages; 642 printk(" %ldMB", pages >> (20 - PAGE_SHIFT)); 643 } 644 printk(" = %luMB total\n", num_physpages >> (20 - PAGE_SHIFT)); 645 646 printk(KERN_NOTICE "Memory: %luk/%luk available, %luk reserved, %luK highmem\n", 647 nr_free_pages() << (PAGE_SHIFT-10), 648 free_pages << (PAGE_SHIFT-10), 649 reserved_pages << (PAGE_SHIFT-10), 650 totalhigh_pages << (PAGE_SHIFT-10));
include/linux/memblock.h
150#define for_each_memblock(memblock_type, region) \ 151 for (region = memblock.memblock_type.regions; \ 152 region < (memblock.memblock_type.regions + memblock.memblock_type.cnt); \ 153 region++) 154
include/linux/memblock.h
123/** 124 * memblock_region_memory_end_pfn - Return the end_pfn this region 125 * @reg: memblock_region structure 126 */ 127static inline unsigned long memblock_region_memory_end_pfn(const struct memblock_region *reg) 128{ 129 return PFN_DOWN(reg->base + reg->size); 130}
include/linux/memblock.h
132/** 133 * memblock_region_reserved_base_pfn - Return the lowest pfn intersecting with the reserved region 134 * @reg: memblock_region structure 135 */ 136static inline unsigned long memblock_region_reserved_base_pfn(const struct memblock_region *reg) 137{ 138 return PFN_DOWN(reg->base); 139}
include/linux/memblock.h
37struct memblock { 38 phys_addr_t current_limit; 39 phys_addr_t memory_size; /* Updated by memblock_analyze() */ 40 struct memblock_type memory; 41 struct memblock_type reserved; 42};
meminfo 라는 구조체에 nr_banks 와 membank라는 구조체가 멤버로 있다. 이들은 부팅 과정에서 이미 arm_add_memory라는 함수를 통해서 bank에 대한 start 및 size가 정해졌있다.(
early_init_dt_add_memory()나 parse_tag_mem32()등의 함수를 통해서 세팅된다(확인필요)
29struct membank { 30 phys_addr_t start; 31 phys_addr_t size; 32 unsigned int highmem; 33}; 34 35struct meminfo { 36 int nr_banks; 37 struct membank bank[NR_BANKS]; 38};
그리고 arch/arm/mm/init.c:find_limits()라는 함수를 통해서, 각 메모리 뱅크를 돌면서 (참고로 이건 3.1.10소스다. 최신은 좀 틀리다)
135static void __init find_limits(unsigned long *min, unsigned long *max_low, 136 unsigned long *max_high) 137{ 138 struct meminfo *mi = &meminfo; 139 int i; 140 141 *min = -1UL; 142 *max_low = *max_high = 0; 143 144 for_each_bank (i, mi) { 145 struct membank *bank = &mi->bank[i]; 146 unsigned long start, end; 147 148 start = bank_pfn_start(bank); 149 end = bank_pfn_end(bank); 150 151 if (*min > start) 152 *min = start; 153 if (*max_high < end) 154 *max_high = end; 155 if (bank->highmem) 156 continue; 157 if (*max_low < end) 158 *max_low = end; 159 } 160}
밑의 매크로를 통해서 페이지프레임넘버를 가져온다.
45#define bank_pfn_start(bank) __phys_to_pfn((bank)->start) 46#define bank_pfn_end(bank) __phys_to_pfn((bank)->start + (bank)->size)
139#define __phys_to_pfn(paddr) ((unsigned long)((paddr) >> PAGE_SHIFT))
가져온 pfn을 start, end에 assign하고 전달받은 min, max_low, max_high를 그에 맞게 설정해 준다.
그 후, bootmem_init()에서 arm_bootmem_init(min, max_low)를 통해 bootmem bitmap page 할당, bootmem allocator 초기화, lowmem 해재, lowmem memblock reservation 등을 한다.
위의 할당된 bootmem 은 나중에 init/main.c 에서 mem_init()를 호출하면,
453static void __init mm_init(void) 454{ 455 /* 456 * page_cgroup requires countinous pages as memmap 457 * and it's bigger than MAX_ORDER unless SPARSEMEM. 458 */ 459 page_cgroup_init_flatmem(); 460 mem_init(); 461 kmem_cache_init(); 462 percpu_init_late(); 463 pgtable_cache_init(); 464 vmalloc_init(); 465}
mem_init()에서 bootmem에 할당되었던 메모리를 해제한다.
600 totalram_pages += free_all_bootmem();
mm/bootmem.c
250unsigned long __init free_all_bootmem(void) 251{ 252 unsigned long total_pages = 0; 253 bootmem_data_t *bdata; 254 255 list_for_each_entry(bdata, &bdata_list, list) 256 total_pages += free_all_bootmem_core(bdata); 257 258 return total_pages; 259}
자 그러면 이제 우리가 원하던 부분이다.
610 reserved_pages = free_pages = 0; 611 612 for_each_bank(i, &meminfo) { 613 struct membank *bank = &meminfo.bank[i]; 614 unsigned int pfn1, pfn2; 615 struct page *page, *end; 616 617 pfn1 = bank_pfn_start(bank); 618 pfn2 = bank_pfn_end(bank); 619 620 page = pfn_to_page(pfn1); 621 end = pfn_to_page(pfn2 - 1) + 1; 622 623 do { 624 if (PageReserved(page)) 625 reserved_pages++; 626 else if (!page_count(page)) 627 free_pages++; 628 page++; 629 } while (page < end); 630 } 631 632 /* 633 * Since our memory may not be contiguous, calculate the 634 * real number of pages we have in this system 635 */ 636 printk(KERN_INFO "Memory:"); 637 num_physpages = 0; 638 for_each_memblock(memory, reg) { 639 unsigned long pages = memblock_region_memory_end_pfn(reg) - 640 memblock_region_memory_base_pfn(reg); 641 num_physpages += pages; 642 printk(" %ldMB", pages >> (20 - PAGE_SHIFT)); 643 } 644 printk(" = %luMB total\n", num_physpages >> (20 - PAGE_SHIFT)); 645 646 printk(KERN_NOTICE "Memory: %luk/%luk available, %luk reserved, %luK highmem\n", 647 nr_free_pages() << (PAGE_SHIFT-10), 648 free_pages << (PAGE_SHIFT-10), 649 reserved_pages << (PAGE_SHIFT-10), 650 totalhigh_pages << (PAGE_SHIFT-10)); 651 652#define MLK(b, t) b, t, ((t) - (b)) >> 10 653#define MLM(b, t) b, t, ((t) - (b)) >> 20 654#define MLK_ROUNDUP(b, t) b, t, DIV_ROUND_UP(((t) - (b)), SZ_1K) 655 656 printk(KERN_NOTICE "Virtual kernel memory layout:\n" 657 " vector : 0x%08lx - 0x%08lx (%4ld kB)\n" 658#ifdef CONFIG_HAVE_TCM 659 " DTCM : 0x%08lx - 0x%08lx (%4ld kB)\n" 660 " ITCM : 0x%08lx - 0x%08lx (%4ld kB)\n" 661#endif 662 " fixmap : 0x%08lx - 0x%08lx (%4ld kB)\n" 663#ifdef CONFIG_MMU 664 " DMA : 0x%08lx - 0x%08lx (%4ld MB)\n" 665#endif 666 " vmalloc : 0x%08lx - 0x%08lx (%4ld MB)\n" 667 " lowmem : 0x%08lx - 0x%08lx (%4ld MB)\n" 668#ifdef CONFIG_HIGHMEM 669 " pkmap : 0x%08lx - 0x%08lx (%4ld MB)\n" 670#endif 671 " modules : 0x%08lx - 0x%08lx (%4ld MB)\n" 672 " .text : 0x%p" " - 0x%p" " (%4d kB)\n" 673 " .init : 0x%p" " - 0x%p" " (%4d kB)\n" 674 " .data : 0x%p" " - 0x%p" " (%4d kB)\n" 675 " .bss : 0x%p" " - 0x%p" " (%4d kB)\n",
meminfo의 nr_bank숫자 만큼 루핑을 하면서, bank의 start주소와 end주소의 pfn을 가져와, 각각 page, end에 저장시키고, page에서부터 end까지 안에서 루핑하면서, page가 reserved일 경우, reserved_pages++ 하고, !page_count(page)일 경우 free_pages++하고, 마지막으로 page를 increment시킨다.
for_each_memblock(memory, reg) 는
150#define for_each_memblock(memblock_type, region) \ 151 for (region = memblock.memblock_type.regions; \ 152 region < (memblock.memblock_type.regions + memblock.memblock_type.cnt); \ 153 region++)
memblock_type의 memory안의 memblock_region의 regions을 돌면서(memory의 cnt숫자만큼),
26struct memblock_region { 27 phys_addr_t base; 28 phys_addr_t size; 29}; 30 31struct memblock_type { 32 unsigned long cnt; /* number of regions */ 33 unsigned long max; /* size of the allocated array */ 34 struct memblock_region *regions; 35}; 36 37struct memblock { 38 phys_addr_t current_limit; 39 phys_addr_t memory_size; /* Updated by memblock_analyze() */ 40 struct memblock_type memory; 41 struct memblock_type reserved; 42};
pages에 region의 base + size의 PFN 값에서 base의 PFN값을 뺀 값을 설정한다.
639 unsigned long pages = memblock_region_memory_end_pfn(reg) - 640 memblock_region_memory_base_pfn(reg);
그리고 이렇게 얻어진 pages를 num_phypages에 증가시켜준다.
그러면 드디오 이 num_phypages >> (20 - PAGE_SHIFT)가
Memory: = xxx MB total
에 나오는 xxx가 된다.
| syslog LOCAL7 (0) | 2014.08.28 |
|---|---|
| Dentry cache hash table 사이즈 (0) | 2014.04.08 |
| driver 초기화 시에 쓰이는 module_init (0) | 2014.04.04 |
| Machine 이름 바꾸기 (0) | 2014.04.03 |
| Machine 이름 알아내기 (0) | 2014.04.03 |
driver초기화 시에 흔히 불리는 module_init(x)는 include/linux/init.h에
로 정의되어 있다. 여기서 x는 kernel 부팅 타임이나 모듈 삽입시에 불리는 함수명이 된다.
built in 모듈일 경우, do_initcalls()에서 불릴 것이고,
module 일 경우, module insertion에 불린다.
| Dentry cache hash table 사이즈 (0) | 2014.04.08 |
|---|---|
| Memory 정보 출력되는 곳 (0) | 2014.04.07 |
| Machine 이름 바꾸기 (0) | 2014.04.03 |
| Machine 이름 알아내기 (0) | 2014.04.03 |
| early_param에 대해 (0) | 2014.03.31 |
MACH_TYPE_XXX 와 machine 이름을 overwrite하기 위해서는 아래 매크로를 활용하면 된다.
linux/arch/arm/include/asm/mach/arch.h
79 * Set of macros to define architecture features. This is built into 80 * a table by the linker. 81 */ 82#define MACHINE_START(_type,_name) \ 83static const struct machine_desc __mach_desc_##_type \ 84 __used \ 85 __attribute__((__section__(".arch.info.init"))) = { \ 86 .nr = MACH_TYPE_##_type, \ 87 .name = _name, 88 89#define MACHINE_END \ 90};
| Memory 정보 출력되는 곳 (0) | 2014.04.07 |
|---|---|
| driver 초기화 시에 쓰이는 module_init (0) | 2014.04.04 |
| Machine 이름 알아내기 (0) | 2014.04.03 |
| early_param에 대해 (0) | 2014.03.31 |
| /dev/tty 와 /dev/console의 차이점 (0) | 2014.02.05 |
start_kernel()-->setup_arch()-->setup_machine_tags()
arch/arm/kernel/setup.c에서setup_arch()함수 내에서 머신이름을 설정한다.
machine_arch_type은 setup_machine_tags의 인자로 넘어가고, setup_machine_tags()내의
for_each_machine_desc는 __arch_info_begin 에서 __arch_info_end 를 순환하면서 machine_desc구조체의 nr(architecture number를 인자로 받아온 machine_arch_type과 비교하여 같은 경우, archiecture name을 찍어준다.
| driver 초기화 시에 쓰이는 module_init (0) | 2014.04.04 |
|---|---|
| Machine 이름 바꾸기 (0) | 2014.04.03 |
| early_param에 대해 (0) | 2014.03.31 |
| /dev/tty 와 /dev/console의 차이점 (0) | 2014.02.05 |
| FrameBuffer size 구하기 (0) | 2013.12.11 |
출처: Nathaniel Husted, Augst 19, 2011, "Notes regarding Android OS System Development and Security as of Android 2.3.4"
7 Android Escalation of Privledge Attacks
Two attacks against the Android platform currently exist. These attacks
allow a user-level privledge to gain root privledges on the Android platform.
They both exploit userland vulnerabilities in Android. Some of these exploits
have been fixed, but the fixes depend on the manufacturer10
.
7.1 Rage Against The Cage
The Rage Against The Cage exploit takes advantage of a bug in the adb
code. The adb code on android performs certain actions as root at start up
but then drops root privledges using setuid. The exploit is in that the adb
code does not check if the setuid call succeeds of fails. If the call fails adb will
continue to run as the root user. Rage Against The Cage works by forking
enough children processes to reach the NPROC limit on the machine and
attempts to restart adb while NPROC is maxed. When this happens, the
setuid call will fail in adb and it will continue to run with root privledges.
Details can be found at http://intrepidusgroup.com/insight/2010/
09/android-root-source-code-looking-at-the-c-skills/.
7.2 Exploid
The exploid vulnerability takes advantage of the udev system on Android.
The Google developers removed a large amount of code from udev as it would
be implemented on Linux and moved the code into the init daemon. The
dillema is that the udev code used is susceptible to a bug that existed in
udev prior to 1.4.1 that did not verif that kernel messages it received came
from the kernel. In the Android OS this means that init would receive these
requests and init runs as root. A brief overview of the exploit is as follows:
1. Exploid copies it to a system directory writable to the shell user
2. It then sends a “NETLINK_KOBJECT_UEVENT” message to the
kernel.
3. Copied executable checks to see if it srunning as root..
4. When running as root, remounts system partition as read-write
5. Finally copies /system/bin/sh to /system/bin/rootshell and chmod’s
to 04711 to always run as root.
Details can be found at http://intrepidusgroup.com/insight/2010/
09/android-root-source-code-looking-at-the-c-skills/.
7.3 KillingInTheNameOf
The KillingInTheNameOf exploit is slightly different in that it takes advantage
of google’s custom shmem interface “ashmem”. The program maps the
system properties into a processes adress space. The vulnerability is that
they are not maped as write protected. The vulnerability then finds the
ro.secure property of adb and flips it. That allows any shell started by adb
to run as root. Rough details can be found in http://jon.oberheide.org/
files/bsides11-dontrootrobots.pdf.
7.4 ZimperLich
The ZimperLich follows the same structure as the Exploid vulnerability.
There are two major differences, though. First, ZimperLich attacks the
Zygote process on android and its lack of a check against the failure of setuid.
The Zygote process is the parent process which all Dalvik jails are
forked from. the other difference is that attacking Zygote does not require
a shell with a uid so the ZimperLich attack can be run from an APK. The
source code for ZimperLich can be found at http://c-skills.blogspot.
com/2011/02/zimperlich-sources.html.
7.5 GingerBreak
The GingerBreak exploit works in a similar manner to the Exploid vulnerability.
The difference is that in this case the exploit takes advantage of the
“vold” daemon improperly trusting messages recieved. A buffer underflow attack
is commited that causes and escalation of privledge attack. The attack
was found to work on on a number of devices from Android 2.2 to Android
3.0. The vulnerability is CVE-2011-1823. The very general description can be
found at https://groups.google.com/group/android-security-discuss/
browse\_thread/thread/1ac1582b7307fc5c. Source code for the exploit
can be found at http://c-skills.blogspot.com/2011/04/yummy-yummy-gingerbreak.
html.
This has supposedly been fixed in newer versions of the Android source
11 as of May 2nd.
| skipping insecure file (0) | 2014.04.13 |
|---|---|
| [안드로이드] 안드로이드 버전 업데이트 과정 (0) | 2013.12.29 |
| 안드로이드 adb 명령어 리스트 (0) | 2013.12.01 |
| 안드로이드 settings 데이터 알아보기 (0) | 2013.12.01 |
| 안드로이드 system 파티션 remount (0) | 2013.11.28 |
|
