RootingDevices

About root

Having root access on your computer empowers you to control your computer. Having users in control of their own computers is not a security vulnerability.
If you don't have root access, then you are locked out of your own computer, and this can be a very serious problem because your data is stored on it.
For instance, if you can't copy your data out of and into the device, then you're stuck, and dependent on the software that is installed on that computer to use your data.

In general, root is also required to use any network protocol you wish to use or design, as the tun/tap interface and the other mechanisms for sending raw packets require root: it really enables you to put net neutrality and Internet design principles into practice.
Some applications also require root, like USB mountr, which makes use of hardware features like USB OTG to expose an ISO image as mass storage over the USB port. So it's a good idea to enable users to easily become root in Replicant.

However, it's good security practice not to give root access to programs that don't need it, or to people that you don't trust, as it could give them full control of the system.
And even if you trust programs enough, they could have vulnerabilities which enable an attacker to get root access.
So once the user is in control and has root, it's a good idea not to have any vulnerabilities that could enable attackers to get root once they have code running on your computer.

Introduction

Many Android distributions that are shipped on devices took away the ability for users to become root.
Because of that, it's sometimes necessary to become root within such distributions.
For instance, it can enable you to back up and migrate your data from the stock Android distribution to Replicant, or to back up the stock OS, etc.

While running the stock distribution is not interesting per se if it's not fully free software, it can still be useful, for instance for reverse engineering.

Root exploits

| Vulnerability names | CVE | Affected software and versions | Free software implementation | Status |
|---|---|---|---|---|
| Towelroot | CVE-2014-3153 | Linux 3.5 to 3.15 | GPLv3 version, improved from github | Not yet tested |
| iovyroot, Pipe-iovec root | CVE-2015-1805 | Linux 2.6x to 3.15 | None of the 4 implementations on github were under a free software license | |
| Ping-Pong Root | CVE-2015-3636 | Linux ? to 4.1 | | |
| Dirty COW | CVE-2016-5195 | Linux 2.6.13 to 4.9 | List of some free and nonfree implementations. For the free implementations: GPLv3 (?) implementation in Go; GPLv3 implementations in C++ and Go; MIT implementation in crystal; MIT implementation in C, uses assembly (x86_64 only at this time); LGPLv3(+?) implementation in C | Tried 'cowpy', but it didn't work on I9100G: tried replacing /system/bin/run-as from /system which is ro, says "Done" but binary not changed; tried replacing /system.prop from / which is probably rw, says "Done" but binary not changed |

Stock OS

| Device | Android version | Kernel version | Motivations |
|---|---|---|---|
| GT-I9100G_CHN_CHN | 2.3.5 | 2.6.35.7 se.infra@SEI-30#2 | Making a full backup of the device without relying on nonfree and non-redistributable software |

Updated by Denis 'GNUtoo' Carikli 7 months ago · 27 revisions