LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

2 weeks isn't completely unreasonable.

2 weeks isn't completely unreasonable.

Posted Nov 6, 2008 11:48 UTC (Thu) by alex (subscriber, #1355)
In reply to: 2 weeks isn't completely unreasonable. by jimparis
Parent article: Android's first vulnerability

It may well be intentional as development tool. Likely they forgot to remove from the release images either by accident or design.

(Log in to post comments)

2 weeks isn't completely unreasonable.

Posted Nov 6, 2008 14:16 UTC (Thu) by jimparis (subscriber, #38647) [Link]

A development tool would be a setuid telnetd binary, not a magic telnetd binary that grants euid=0 without being setuid.

Someone from Google has mentioned to me via IRC that it's definitely not intentional. I still haven't managed to track down the cause though.

2 weeks isn't completely unreasonable.

Posted Nov 6, 2008 16:21 UTC (Thu) by jimparis (subscriber, #38647) [Link]

Nevermind, I found it -- init spawns a root shell on /dev/console that picks up all keyboard input. Hilarious!
http://android.jim.sh/index.php/ConsoleShell

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds