Comment by still_grokking 17 hours ago How about SELinux, like on Android? 6 comments still_grokking Reply fuomag9 5 hours ago selinux on enforcement mode did not mitigate the exploit when I tested today on fedora coreos :( nromiun 12 hours ago To even get the su binary on Android you have to patch the OS. So this exploit can't work on Android. Because there is no su binary to target.Update: Just tried it on Termux and as expected even creating an AF_ALG socket requires root access. staticassertion 8 hours ago The specific exploit payload for the POC relies on a su binary. The vuln is ambivalent and other non-su paths will exist. nromiun 4 hours ago Of course, but it does not matter as the entire AF_ALG module is forbidden by SELinux anyway (on Android). 1 reply → staticassertion 16 hours ago I assume that wouldn't help here but I could easily be wrong. (Assuming if you're asking if SELinux would block this exploit).
fuomag9 5 hours ago selinux on enforcement mode did not mitigate the exploit when I tested today on fedora coreos :(
nromiun 12 hours ago To even get the su binary on Android you have to patch the OS. So this exploit can't work on Android. Because there is no su binary to target.Update: Just tried it on Termux and as expected even creating an AF_ALG socket requires root access. staticassertion 8 hours ago The specific exploit payload for the POC relies on a su binary. The vuln is ambivalent and other non-su paths will exist. nromiun 4 hours ago Of course, but it does not matter as the entire AF_ALG module is forbidden by SELinux anyway (on Android). 1 reply →
staticassertion 8 hours ago The specific exploit payload for the POC relies on a su binary. The vuln is ambivalent and other non-su paths will exist. nromiun 4 hours ago Of course, but it does not matter as the entire AF_ALG module is forbidden by SELinux anyway (on Android). 1 reply →
nromiun 4 hours ago Of course, but it does not matter as the entire AF_ALG module is forbidden by SELinux anyway (on Android). 1 reply →
staticassertion 16 hours ago I assume that wouldn't help here but I could easily be wrong. (Assuming if you're asking if SELinux would block this exploit).
selinux on enforcement mode did not mitigate the exploit when I tested today on fedora coreos :(
To even get the su binary on Android you have to patch the OS. So this exploit can't work on Android. Because there is no su binary to target.
Update: Just tried it on Termux and as expected even creating an AF_ALG socket requires root access.
The specific exploit payload for the POC relies on a su binary. The vuln is ambivalent and other non-su paths will exist.
Of course, but it does not matter as the entire AF_ALG module is forbidden by SELinux anyway (on Android).
1 reply →
I assume that wouldn't help here but I could easily be wrong. (Assuming if you're asking if SELinux would block this exploit).