This repository has been archived by the owner on Jan 26, 2022. It is now read-only.
It is really dangerous to execute a world-writable file with root privileges. Anyone with storage access could add their own and possibly malicious commands to that file and use root permissions in the name of ts-binds. To prevent this, the config file must either be protected or never executed on a shell. Parsing the file directly inside ts-binds could do the trick here.
Hello. Thank you so much for reporting this! When the project was small and personal, I used the sourcing method as an easy way to use a makeshift configuration method. I was aware that this is a huge vulnerability but I figured it wouldn't be a problem since the project was really, really small. Alas, I have forgotten about it.
Thanks to you, I am reminded about it again. Certainly, I will look for ways to read from a file safely instead of executing/sourcing it. But first I need to solve a number of bugs reported on the XDA thread. I hope that would not bother you.
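
The fix discussed in this thread, reading the config as data instead of sourcing it, could look like the sketch below. It is an added example, not code from ts-binds; the KEY=VALUE format, the key names SRC and DEST, and the function names are assumptions.

```shell
# Added example: read settings as data instead of sourcing the file as root.
# The KEY=VALUE format and the key names are assumptions, not ts-binds' format.

# config_get FILE KEY: print KEY's value (last match wins).
# Returns 0 if found, 1 if missing, 2 if the value has disallowed characters.
config_get() {
    cfg_file=$1 want=$2 result='' found=1
    [ -f "$cfg_file" ] || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;   # blank line or comment
            *=*) ;;                # candidate KEY=VALUE
            *) continue ;;         # anything else is ignored, never run
        esac
        key=${line%%=*}
        val=${line#*=}
        [ "$key" = "$want" ] || continue
        # Allow only plain path characters; rejects $, `, ;, |, spaces, quotes.
        case $val in
            ''|*[!A-Za-z0-9_./-]*) return 2 ;;
        esac
        result=$val
        found=0
    done < "$cfg_file"
    [ "$found" -eq 0 ] || return 1
    printf '%s\n' "$result"
}

# Constructed sample: one valid entry, one command-substitution value and one
# bare command. Sourcing this file would create the marker $1; parsing must not.
write_sample_config() {
    cat <<EOF
# constructed sample config
SRC=/sdcard/Download
DEST=\$(touch $1)
touch $1
EOF
}

demo() {
    tmp=$(mktemp -d) || return 1
    write_sample_config "$tmp/marker" > "$tmp/config"
    config_get "$tmp/config" SRC            # prints /sdcard/Download
    config_get "$tmp/config" DEST || echo "DEST rejected (status $?)"
    [ -e "$tmp/marker" ] || echo "no command from the file was executed"
    rm -rf "$tmp"
}
demo
```

Parsed values are still untrusted input from shared storage, so the caller should quote them and check them against the locations it is willing to act on as root.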