O'Reilly logo

Android Security Cookbook by Scott Alexander-Bown, Keith Makan

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Inspecting file permissions

One of the most commonly exploited ways to escalate privileges from within a local context is to abuse discrepancies and inadequacies in the way filesystem permissions—or access rights—are set up in an operating system. There are countless instances of vulnerabilities and privilege escalation attack methods that abuse file permissions, be it the setuid flag on a globally executable vulnerable binary, such as su or symlink, or the race condition attack on a file that is globally readable and written to by a superuser-owned application; for example, pulse audio CVE-2009-1894.

Being able to clearly identify any potential entry points presented by the filesystem is a good place to start defining the Android native attack ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required