Browse files

Fix journal security hole

  • Loading branch information...
1 parent 635da65 commit 6bd7a49c1e26d382dc69e32a6e8886fd281afc98 @friedger friedger committed Aug 1, 2012
Showing with 23 additions and 12 deletions.
  1. +3 −0 .gitignore
  2. +5 −1 Safe/src/org/openintents/safe/DBHelper.java
  3. +1 −0 SafeDemo/.classpath
  4. +0 −11 SafeDemo/default.properties
  5. +14 −0 SafeDemo/project.properties
View
3 .gitignore
@@ -0,0 +1,3 @@
+*/bin
+*/gen
+*/build-private.properties
View
6 Safe/src/org/openintents/safe/DBHelper.java
@@ -121,7 +121,11 @@ public DBHelper(Context ctx) {
myCtx = ctx;
try {
db = myCtx.openOrCreateDatabase(DATABASE_NAME, 0,null);
-
+
+ // avoid journals in the file system as it gives access to the passwords.
+ // FIXME: if you can get hold of a memory dump you could still get access to the passwords.
+ db.rawQuery("PRAGMA journal_mode=MEMORY",null);
+
// Check for the existence of the DBVERSION table
// If it doesn't exist than create the overall data,
// otherwise double check the version
View
1 SafeDemo/.classpath
@@ -3,5 +3,6 @@
<classpathentry kind="src" path="src"/>
<classpathentry kind="con" path="com.android.ide.eclipse.adt.ANDROID_FRAMEWORK"/>
<classpathentry kind="src" path="gen"/>
+ <classpathentry exported="true" kind="con" path="com.android.ide.eclipse.adt.LIBRARIES"/>
<classpathentry kind="output" path="bin"/>
</classpath>
View
11 SafeDemo/default.properties
@@ -1,11 +0,0 @@
-# This file is automatically generated by Android Tools.
-# Do not modify this file -- YOUR CHANGES WILL BE ERASED!
-#
-# This file must be checked in Version Control Systems.
-#
-# To customize properties used by the Ant build system use,
-# "build.properties", and override values to adapt the script to your
-# project structure.
-
-# Project target.
-target=android-9
View
14 SafeDemo/project.properties
@@ -0,0 +1,14 @@
+# This file is automatically generated by Android Tools.
+# Do not modify this file -- YOUR CHANGES WILL BE ERASED!
+#
+# This file must be checked in Version Control Systems.
+#
+# To customize properties used by the Ant build system edit
+# "ant.properties", and override values to adapt the script to your
+# project structure.
+#
+# To enable ProGuard to shrink and obfuscate your code, uncomment this (available properties: sdk.dir, user.home):
+#proguard.config=${sdk.dir}\tools\proguard\proguard-android.txt:proguard-project.txt
+
+# Project target.
+target=android-9

0 comments on commit 6bd7a49

Please sign in to comment.