It's very bizarre that the root hole exists. A Java app (i.e. pTerminal) can spawn local applications. This is done with real uid (and effective uid and saved uid) set to e.g. 10040. No big deal. But if you execute /system/bin/telnetd, it acts like it was setuid root and runs with euid=0 -- even though it's not setuid root. Almost seems like an intentional backdoor...
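The mismatch the comment describes (effective uid 0 under an app uid, with no setuid bit on the binary) can be checked from the `Uid:` line of `/proc/<pid>/status` and the executable's file mode. The following is an added example, not part of the original comment; the function names and the sample status text are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Real, effective and saved uid, in the order of the "Uid:" line. */
struct uids { unsigned ruid, euid, suid; };

/* Find and parse the "Uid:" line in the text of a /proc/<pid>/status file.
 * Returns 0 on success, -1 if the line is missing or malformed. */
int parse_status_uids(const char *status, struct uids *out)
{
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, "Uid:", 4) == 0)
            return sscanf(p + 4, "%u %u %u",
                          &out->ruid, &out->euid, &out->suid) == 3 ? 0 : -1;
        p = strchr(p, '\n');          /* advance to the next line */
        if (p) p++;
    }
    return -1;
}

/* Returns 1 when euid differs from ruid and the executable's mode has no
 * setuid bit, so the bit cannot account for the difference. Returns 0 when
 * the uids match or the setuid bit is set. This is a heuristic: a process
 * started as root that changed only its real uid would also be flagged. */
int euid_not_explained_by_setuid(const struct uids *u, mode_t exe_mode)
{
    if (u->euid == u->ruid)
        return 0;
    return (exe_mode & S_ISUID) ? 0 : 1;
}

int main(void)
{
    /* Constructed sample text, not captured from a real device. */
    const char *sample =
        "Name:\ttelnetd\nState:\tS (sleeping)\n"
        "Uid:\t10040\t0\t0\t0\nGid:\t10040\t10040\t10040\t10040\n";
    struct uids u;
    if (parse_status_uids(sample, &u) != 0)
        return 1;
    printf("ruid=%u euid=%u suid=%u flagged=%d\n", u.ruid, u.euid, u.suid,
           euid_not_explained_by_setuid(&u, 0100755)); /* mode without setuid */
    return 0;
}
```

On a live system the status text would come from reading `/proc/<pid>/status` and the mode from `stat()` on the target of `/proc/<pid>/exe`.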
Copyright © 2017, Eklektix, Inc.