dirtycow exploit - a serious risk for us currently #37

Open
jcadduono opened this Issue Nov 4, 2016 · 4 comments

jcadduono commented Nov 4, 2016

Everyone who is maintaining a kernel in the project please consider patching your kernel ASAP and submitting a pull request.

3.4: https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch/?id=1c8544a93151329be95f702f6f4029f860b77ee7
3.10: https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch/?id=9691eac5593ff1e2f82391ad327f21d90322aec1
3.18: https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch/?id=e45a502bdeae5a075257c4f061d1ff4ff0821354

It should apply mostly cleanly over the proper kernel major versions. Use git am xx.patch, and then use patch -p1 < xx.patch if it fails followed by git am --continue.

This is a serious issue because NetHunter kernels are almost always running in permissive due to the complication of injecting massive amounts of policies to cover the chroot. In permissive, this gives ANY Android app limited root access to your device.

Example exploit: http://forum.xda-developers.com/v20/development/h918-recowvery-unlock-v20-root-shell-t3490594
(yes, I used dirtycow to root a device, it's also a friendly exploit in the right hands!)

People could take my exploit and change a few things to do much worse things than flash a recovery partition.

Safely patched kernels

  • Galaxy Note 7 (1.4+)
  • Galaxy S7 (1.4+)
  • Galaxy S7 edge (1.4+)
  • Nexus 6 (CyanogenMod, 2.4+)
  • Jiayu S3 Advanced (1.0+)
  • ZTE Axon 7
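
For maintainers confirming that a device tree already carries the fix, the following is an added example (not part of the original issue or of the NetHunter project's code). It assumes the backport keeps the upstream fix's `FOLL_COW` flag in `include/linux/mm.h` and its use in `mm/gup.c` or `mm/memory.c`; `dirtycow_fix_present` is a hypothetical helper name. It inspects source only, so the kernel image still has to be rebuilt from the checked tree.

```shell
# Added example: heuristic source-tree check for the Dirty COW fix.
# Assumption: the backport keeps the upstream fix's FOLL_COW flag, defined in
# include/linux/mm.h and used in mm/gup.c (newer trees) or mm/memory.c (older).
# dirtycow_fix_present is a hypothetical helper name.
# Returns 0 = fix markers found, 1 = markers missing, 2 = not a kernel tree.
dirtycow_fix_present() {
    tree=$1
    hdr="$tree/include/linux/mm.h"
    [ -f "$hdr" ] || return 2

    # The flag must be defined in the header...
    grep -Eq '^[[:space:]]*#[[:space:]]*define[[:space:]]+FOLL_COW([[:space:]]|$)' "$hdr" || return 1

    # ...and actually consulted by the get_user_pages code path.
    for src in "$tree/mm/gup.c" "$tree/mm/memory.c"; do
        if [ -f "$src" ] && grep -q 'FOLL_COW' "$src"; then
            return 0
        fi
    done
    return 1
}

# Usage: dirtycow_fix_present /path/to/kernel/source && echo "fix markers present"
```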

discipuloosho commented Nov 7, 2016

DKingCN commented Nov 17, 2016

I checked and found the kernel of Jiayu S3 already patched.
Thanks.

ariafan commented Apr 28, 2017

[ido] is already patched

lavanoid commented Apr 14, 2019

One M8 patched. Just waiting for my pull request to be accepted, then I can provide a new zImage.

lavanoid/android_kernel_htc_m8gpe@869fce8

lavanoid added a commit to lavanoid/nethunter-devices that referenced this issue Apr 15, 2019
