No surefire way to bypass linker namespaces on Android 7.0 Nougat #2
Comments
Chainfire
changed the title
Chainfire
changed the title
|
From other projects, it seems like moving to /dev and using /system/lib/libandroid_runtime.so's context (it varies between Android versions) may work. |
|
Nice |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
and others
Linker namespace were introduced in Android 7.0 Nougat. The linker prevents libraries from outside of the namespace-permitted paths to be loaded into a binary.
There are a couple of ways to bypass linker namespaces, one is setting LD_LIBRARY_PATH before executing the binary that is being injected. That is not always a workable solution, though.
From Android 8.0 onwards, linker namespaces are relaxed for libraries loaded from tmpfs, so on 8.0+ we can simply move the library to be injected to /dev, but this still does not always leave us with an option for 7.0.
The text was updated successfully, but these errors were encountered: