On 13 November 2013 08:00, Martin Pitt <email address hidden> wrote:
> Review: Needs Fixing
>
> What's the purpose of setting owner and group if the permissions are 666 anyway? Is there any way the permissions could be made to not be world-writable, especially for the ttyS*? What do the qemu_* devices do, are these potentially security/robustness relevant?
Well, that's just copy/paste what's done on stock android. Indeed
having them non world-writable would be better, not sure what will
break. qemu_* devices communicate with qemu devices (hypervisor?) and
host OS (adb). Not sure how the attack vector would look like, given
that it is emulator. I'll open a bug to limit the permissions on
these. Since this branch is merged already.
On 13 November 2013 08:00, Martin Pitt <email address hidden> wrote:
> Review: Needs Fixing
>
> What's the purpose of setting owner and group if the permissions are 666 anyway? Is there any way the permissions could be made to not be world-writable, especially for the ttyS*? What do the qemu_* devices do, are these potentially security/robustness relevant?
Well, that's just copy/paste what's done on stock android. Indeed
having them non world-writable would be better, not sure what will
break. qemu_* devices communicate with qemu devices (hypervisor?) and
host OS (adb). Not sure how the attack vector would look like, given
that it is emulator. I'll open a bug to limit the permissions on
these. Since this branch is merged already.
Regards,
Dmitrijs.