This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
13328 18:23:41.051041 clock_gettime(CLOCK_MONOTONIC, {1794, 795397756}) = 0 <0.000092> | |
13328 18:23:41.051377 clock_gettime(CLOCK_MONOTONIC, {1794, 795733449}) = 0 <0.000092> | |
13328 18:23:41.138657 clock_gettime(CLOCK_MONOTONIC, {1794, 883013723}) = 0 <0.000092> | |
13328 18:23:41.138932 clock_gettime(CLOCK_MONOTONIC, {1794, 883288381}) = 0 <0.000061> | |
13328 18:23:41.139176 clock_gettime(CLOCK_MONOTONIC, {1794, 883532522}) = 0 <0.000061> | |
13328 18:23:41.139451 clock_gettime(CLOCK_MONOTONIC, {1794, 883776662}) = 0 <0.000061> | |
13328 18:23:41.139756 clock_gettime(CLOCK_MONOTONIC, {1794, 884112356}) = 0 <0.000061> | |
13328 18:23:41.140122 clock_gettime(CLOCK_MONOTONIC, {1794, 884448049}) = 0 <0.000061> | |
13328 18:23:41.140366 clock_gettime(CLOCK_MONOTONIC, {1794, 884692190}) = 0 <0.000061> | |
13328 18:23:41.140641 clock_gettime(CLOCK_MONOTONIC, {1794, 884966848}) = 0 <0.000061> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#define _GNU_SOURCE | |
#include <sys/prctl.h> | |
#include <linux/seccomp.h> | |
#include <stdint.h> | |
#include <stddef.h> | |
#define __u16 uint16_t | |
#define __u32 uint32_t | |
#define __u64 uint64_t |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ ab -k -n 1000 -A XXX:XXX http://127.0.0.1:5984/jann_mail/8de31498bb790a5e6979f4b16f322481 | |
This is ApacheBench, Version 2.3 <$Revision: 1604373 $> | |
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/ | |
Licensed to The Apache Software Foundation, http://www.apache.org/ | |
Benchmarking 127.0.0.1 (be patient) | |
Completed 100 requests | |
Completed 200 requests | |
Completed 300 requests | |
Completed 400 requests |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Mar 11 17:51:00 pc systemd-modules-load[307]: Failed to find module 'lp' | |
Mar 11 17:51:00 pc systemd-modules-load[307]: Module 'ppdev' is builtin | |
Mar 11 17:51:00 pc systemd-modules-load[307]: Module 'parport_pc' is builtin | |
Mar 11 17:51:00 pc systemd-modules-load[307]: Module 'fuse' is builtin | |
Mar 11 17:51:00 pc systemd[1]: systemd-modules-load.service: main process exited, code=exited, status=1/FAILURE | |
Mar 11 17:51:00 pc systemd[1]: Failed to start Load Kernel Modules. | |
Mar 11 17:51:00 pc systemd[1]: Dependency failed for netfilter persistent configuration. | |
Mar 11 17:51:00 pc systemd[1]: Unit systemd-modules-load.service entered failed state. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Content-Type: multipart/mixed; boundary="LpQ9ahxlCli8rRTG" | |
Content-Disposition: inline | |
--LpQ9ahxlCli8rRTG | |
Content-Type: text/plain; charset=us-ascii | |
Content-Disposition: inline | |
Hello, | |
two more pretty interesting issues (verified both on my phone): |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
EDIT: changed the domain names for public disclosure | |
Have a look at /data/data/com.android.browser/databases/webview.db, table "password". | |
columns: _id, host, username, password | |
"host" contains protocol and hostname concatenated without any delimiter. What this means: | |
- login to https://example.org/ with valid username and password | |
- go to http://sexample.org/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Android reuses UIDs, and IMO, it shouldn't do that, at least not without having rebooted once. | |
Reasons: | |
- the deinstallation process doesn't kill all processes with the UID of the app, and neither does | |
the installation process - therefore, an app can gain higher privileges by tricking the user | |
into uninstalling it and then installing another app with higher privileges | |
- there are app-writable filesystems which aren't protected against suid executables, so an app | |
could drop a suid-shell in one of those filesystems and thereby allow other malicious apps to | |
obtain full access to whatever app will be the next one to get assigned the uid (all filesystems | |
without nosuid, except for rootfs, seem to be temporary, so a reboot should wipe all suid executables) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When unpacking packages, there's a race that allows putting lib*.so files w= | |
ith standard permissions | |
into all kinds of places where they shouldn't be. How to exploit: | |
- let your app move its "lib" directory away (or delete it if it's empty) | |
- let your app create a new "lib" directory (owned by the app) | |
- run something like this in the background while the user is installing a= | |
n update containing evil shared objects: | |
while ls -ld lib|grep app_68 > /dev/null; do true; done; mv lib lib-= |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#define _GNU_SOURCE | |
#include <jh.h> | |
#include <string.h> | |
#include <arpa/inet.h> | |
#include <assert.h> | |
#include <fcntl.h> | |
/* Table of CRCs of all 8-bit messages. */ | |
unsigned long crc_table[256]; | |