RootingDevices » History » Version 17

Denis 'GNUtoo' Carikli, 03/08/2020 05:13 PM

h1. RootingDevices

h2. About root

Having root access on your computer empowers you to control your computer. Having users in control of their own computers is not a security vulnerability.
If you don't have root access, then you are locked out of your own computer, and this can be a very serious problem as the computer also holds data, your data.
For instance, if you can't copy your data to and from the device, then you're stuck, and dependent on the software that is installed on that computer to use your data.

In general, root is also required to use any network protocol you wish to use or want to design, as the tun/tap interface and other mechanisms for sending raw packets require root. It really enables you to use net neutrality and Internet design principles in practice.
Some applications require root, like "USB mountr":https://f-droid.org/en/packages/streetwalrus.usbmountr/ which makes use of hardware features like USB OTG to expose an ISO image as mass storage over the USB port. So it's a good idea to enable users to easily become root in Replicant.

However it's a good security practice not to give root access to programs that don't need it, or to people that you don't trust, as it could give them full control of the system.
And even if you trust programs enough, they could have vulnerabilities which enable an attacker to get root access.
So once the user is in control and has root, it's then a good idea not to have any vulnerabilities that could enable attackers to get root once they have code running on your computer.

h2. Introduction

Many, but not all, of the Android distributions that are shipped on devices took away the ability for users to become root.
Because of that it's sometimes necessary to become root within such distributions.
For instance, it can enable you to back up and migrate your data from the stock Android distribution to Replicant, or to back up the stock OS, etc.

h2. Root exploits

|_. Vulnerability names |_. CVE |_. Affected software and versions |_. Free software implementation |_. Status |
| Towelroot | "CVE-2014-3153":https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153 | Linux 3.5 to 3.15 | "GPLv3 version, improved from github":https://git.replicant.us/contrib/GNUtoo/towelroot | Not yet tested |
| * iovyroot
* Pipe-iovec root | "CVE-2015-1805":https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1805 | Linux 2.6x to 3.15 | * None of "the 4 implementations on github":https://github.com/search?q=CVE-2015-1805 were under a free software license | |
| Ping-Pong Root | "CVE-2015-3636":https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3636 | Linux ? to 4.1 | | |
| "Dirty COW":https://dirtycow.ninja/ | "CVE-2016-5195":https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5195 | | | |

h2. References

* https://github.com/ucam-cl-dtg/android-vulnerabilities/