Message-ID: <546DD2F9.6050603@debian.org>
Date: Thu, 20 Nov 2014 11:39:37 +0000
From: Simon McVittie <smcv@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: Re: Linux user namespaces can bypass group-based
 restrictions

On 20/11/14 08:49, Vitor Ventura wrote:
> I was wondering if this might pose a problem to Android's application file
> sandboxing. If an application can run a native lib that could exploit this
> it might have access to other application files.

Only if Android has groups that act as "anti-capabilities", i.e. members
of the group are less privileged than non-members. For instance, if I
remember correctly, the grsecurity patchset has (or used to have) the
ability to deny networking to members of a designated group while
allowing it for everyone else.

I don't know of any groups in Android that are anti-capabilities, and
nothing in
<http://osxr.org/android/source/system/core/include/private/android_filesystem_config.h>
looks like an obvious anti-capability. Do you know of any?

    S
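
One place an anti-capability group can show up on a filesystem is a file mode whose group class has fewer permission bits than "other", so group members are denied what everyone else is allowed. The following is an added example, not part of the message above or of any project's code, that audits a directory tree for such entries; it inspects only traditional mode bits (POSIX ACLs are ignored), and the function names and sample tree are constructed for illustration.

```python
import os
import stat
import tempfile


def denied_to_group(mode):
    """Return the rwx bits (0-7) that 'other' has but the group class lacks."""
    group_bits = (mode >> 3) & 0o7
    other_bits = mode & 0o7
    return other_bits & ~group_bits


def find_anti_capability_files(root):
    """Walk root and return sorted (path, gid, denied_bits) tuples for entries
    whose group class is more restricted than 'other'."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink modes are not used for access checks
            denied = denied_to_group(stat.S_IMODE(st.st_mode))
            if denied:
                hits.append((path, st.st_gid, denied))
    return sorted(hits)


def demo():
    """Constructed sample tree: one ordinary file, one 'negative group' file."""
    with tempfile.TemporaryDirectory() as root:
        normal = os.path.join(root, "normal.txt")
        negative = os.path.join(root, "negative.txt")
        for p in (normal, negative):
            open(p, "w").close()
        os.chmod(normal, 0o644)    # group and other can both read
        os.chmod(negative, 0o604)  # other can read, group members cannot
        found = find_anti_capability_files(root)
        return [(os.path.basename(p), bits) for p, _gid, bits in found]


if __name__ == "__main__":
    for name, bits in demo():
        print(f"{name}: group is denied bits {bits:o} that 'other' holds")
```

Any entry it reports depends on group membership being impossible to drop, so the owning gid of each hit is the group to review.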
