
World-writable memory on Samsung Android phones

World-writable memory on Samsung Android phones

Posted Dec 17, 2012 17:08 UTC (Mon) by Cyberax (✭ supporter ✭, #52523)
In reply to: World-writable memory on Samsung Android phones by ssmith32
Parent article: World-writable memory on Samsung Android phones

Not quite the same. The PhysicalMemory device had always been protected by ACLs in Windows, requiring administrative access to read/write to it.



World-writable memory on Samsung Android phones

Posted Dec 17, 2012 17:12 UTC (Mon) by ledow (guest, #11753) [Link]

3DFX drivers for Windows basically always allowed the same (they had a system driver / service installed as administrator that allowed unchecked DMA to any memory region) and it was only discovered about 2-3 years ago (i.e. years after everyone had stopped using them because they were obsolete).

FireWire also had similar problems inherent in the design of the protocol itself that allowed systems to read any memory locat

It's pretty common. The question is how hard it is to exploit (i.e. this is incredibly easy, by just installing the "wrong" apk file) and how long it takes someone to find it (3DFX basically "got lucky" in that nobody noticed until nobody was using 3DFX drivers anyway).

World-writable memory on Samsung Android phones

Posted Dec 17, 2012 17:20 UTC (Mon) by Cyberax (✭ supporter ✭, #52523) [Link]

NVidia on Linux had the same vulnerability until early this year. It's not possible to really control the third-party drivers.

However, in this case Samsung's engineers should have known better.

World-writable memory on Samsung Android phones

Posted Dec 17, 2012 17:28 UTC (Mon) by andreasb (subscriber, #80258) [Link]

> FireWire also had similar problems inherent in the design of the protocol itself that allowed systems to read any memory

Every node has its own memory space, but that is an abstract concept with no requirement that it maps to the node's physical memory at all, much less that it maps 1:1 unrestricted. So that is not actually inherent in the protocol.

World-writable memory on Samsung Android phones

Posted Dec 17, 2012 17:43 UTC (Mon) by dpquigl (subscriber, #52852) [Link]

Actually it wasn't administrative privileges. Write access to /Device/PhysicalMemory has been exclusively given to the system user and no other user. Now you could add that it's trivial to schedule something to run as system if you're administrator, but if you're already the administrator, what are you messing around with physical memory for? Just install a kernel driver and be done with it.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds