Minor fixes

This commit is contained in:
Giulio 2020-10-31 22:28:05 +01:00
parent 2769a127f1
commit c757a1b189


@ -256,7 +256,7 @@ ls: /proc/net/ip6_tables_names: No such file or directory
Lastly, we need a signed executable to run or a script (scripts do work because the interpreter, busybox is signed). Unfortunately, busybox, if run this way will instantly drop its privileges. Lastly, we need a signed executable to run or a script (scripts do work because the interpreter, busybox is signed). Unfortunately, busybox, if run this way will instantly drop its privileges.
Also, we cannot pass `LD_PRELOAD` to an `execv` call so the only way is to actually swap a library used by a signed executable that we can call. Also, we cannot pass `LD_PRELOAD` to an `execv` call so the only way is to actually swap a library used by a signed executable that we can call.
Luckily, on my device there are two user-installed apps (every working terminal must have at least one) and they both use shared libraries with are writeable by the low privileged user. I wouldn't say that this itself is some kind of vulnerability because our current user is indeed the user responsible for installing (and thus if required overwriting) the applications and their assets. Luckily, on my device there are two user-installed apps (every working terminal must have at least one) and they both use shared libraries which are writeable by the low privileged user. I wouldn't say that this itself is some kind of vulnerability because our current user is indeed the user responsible for installing (and thus if required overwriting) the applications and their assets.
So, some simple code like: So, some simple code like:
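Review bot: the context sentence "we cannot pass `LD_PRELOAD` to an `execv` call" states the constraint without its reason, which may puzzle readers because `execv` hands the caller's existing environment to the new program. Suggest adding one clause that says why the variable cannot be set for this particular call. While this paragraph is being touched, the first context line still needs its commas closed ("the interpreter, busybox, is signed" and "busybox, if run this way, will"), and the changed line could read "low-privileged user".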
@ -313,7 +313,7 @@ These libraries, on the device are in `/data/app/MAINAPP/lib/`. I choose to over
/data/app/MAINAPP $ id /data/app/MAINAPP $ id
uid=999(MAINAPP) gid=999(MAINAPP) groups=1(system),2(hwdev),999(MAINAPP),999(MAINAPP) uid=999(MAINAPP) gid=999(MAINAPP) groups=1(system),2(hwdev),999(MAINAPP),999(MAINAPP)
/data/app/MAINAPP $ xtables-multi ip6tables -t nat -L --modprobe=/data/app/MAINAPP/bin/MablApp /data/app/MAINAPP $ xtables-multi ip6tables -t nat -L --modprobe=/data/app/MAINAPP/bin/MablApp
Test ld_preload LD_PRELOAD is working!
My UID is: 0. My GID is: 999. My EUID is: 0 My UID is: 0. My GID is: 999. My EUID is: 0
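Review bot: the changed line "LD_PRELOAD is working!" sits inside a terminal transcript, so it is program output rather than prose, and the string printed by the listing the post introduces with "So, some simple code like:" needs the same change or the transcript will no longer match what that code prints. That listing is outside the visible hunks, so please confirm it was updated in this commit. If the old text was what the device actually printed, leaving the transcript verbatim is the safer choice.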