Date: Thu, 20 Nov 2014 11:39:37 +0000 From: Simon McVittie <smcv@...ian.org> To: oss-security@...ts.openwall.com Subject: Re: Re: Linux user namespaces can bypass group-based restrictions On 20/11/14 08:49, Vitor Ventura wrote: > I was wondering if this might pose a problem to android's application file > sandboxing. If an application can run a native lib that could exploits this > it might have access to other aplication files. Only if Android has groups that act as "anti-capabilities", i.e. members of the group are less privileged than non-members. For instance, if I remember correctly, the grsecurity patchset has (or used to have) the ability to deny networking to members of a designated group while allowing it for everyone else. I don't know of any groups in Android that are anti-capabilities, and nothing in <http://osxr.org/android/source/system/core/include/private/android_filesystem_config.h> looks like an obvious anti-capability. Do you know of any? S
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.