Minor fixes
parent 2769a127f1
commit c757a1b189
@ -256,7 +256,7 @@ ls: /proc/net/ip6_tables_names: No such file or directory
|
|||||||
Lastly, we need a signed executable to run or a script (scripts do work because the interpreter, busybox is signed). Unfortunately, busybox, if run this way will instantly drop its privileges.
|
Lastly, we need a signed executable to run or a script (scripts do work because the interpreter, busybox is signed). Unfortunately, busybox, if run this way will instantly drop its privileges.
|
||||||
Also, we cannot pass `LD_PRELOAD` to an `execv` call so the only way is to actually swap a library used by a signed executable that we can call.
|
Also, we cannot pass `LD_PRELOAD` to an `execv` call so the only way is to actually swap a library used by a signed executable that we can call.
|
||||||
|
|
||||||
Luckily, on my device there are two user-installed apps (every working terminal must have at least one) and they both use shared libraries with are writeable by the low privileged user. I wouldn't say that this itself is some kind of vulnerability because our current user is indeed the user responsible for installing (and thus if required overwriting) the applications and their assets.
|
Luckily, on my device there are two user-installed apps (every working terminal must have at least one) and they both use shared libraries which are writeable by the low privileged user. I wouldn't say that this itself is some kind of vulnerability because our current user is indeed the user responsible for installing (and thus if required overwriting) the applications and their assets.
|
||||||
|
|
||||||
|
|
||||||
So, some simple code like:
|
So, some simple code like:
|
||||||
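Review bot: The unchanged context sentence at the top of this hunk still has two comma errors that belong in the same wording pass as the "with are" to "which are" fix. Suggested: "the interpreter, busybox, is signed" and "busybox, if run this way, will instantly drop its privileges". In the changed line itself, "low privileged user" would read better hyphenated as "low-privileged user".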
@ -313,7 +313,7 @@ These libraries, on the device are in `/data/app/MAINAPP/lib/`. I choose to over
|
|||||||
/data/app/MAINAPP $ id
|
/data/app/MAINAPP $ id
|
||||||
uid=999(MAINAPP) gid=999(MAINAPP) groups=1(system),2(hwdev),999(MAINAPP),999(MAINAPP)
|
uid=999(MAINAPP) gid=999(MAINAPP) groups=1(system),2(hwdev),999(MAINAPP),999(MAINAPP)
|
||||||
/data/app/MAINAPP $ xtables-multi ip6tables -t nat -L --modprobe=/data/app/MAINAPP/bin/MablApp
|
/data/app/MAINAPP $ xtables-multi ip6tables -t nat -L --modprobe=/data/app/MAINAPP/bin/MablApp
|
||||||
Test ld_preload
|
LD_PRELOAD is working!
|
||||||
My UID is: 0. My GID is: 999. My EUID is: 0
|
My UID is: 0. My GID is: 999. My EUID is: 0
|
||||||
|
|
||||||
|
|
||||||
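Review bot: The changed transcript line ("Test ld_preload" to "LD_PRELOAD is working!") is captured program output, so it has to match the string the preloaded library actually prints. None of the visible hunks touches the listing introduced by "So, some simple code like:", so please confirm that listing already prints "LD_PRELOAD is working!" or update it in the same commit. Otherwise a reader following the write-up will see output that differs from the transcript.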
@ -393,4 +393,4 @@ EOD
|
|||||||
[..]
|
[..]
|
||||||
```
|
```
|
||||||
|
|
||||||
...
|
...
|
||||||
|