The Following User Says Thank You to PMaff For This Useful Post:
2010-11-04, 10:04 | Posts: 1,224 | Thanked: 1,763 times | Joined on Jul 2007 | #2
2010-11-04, 10:38 | Posts: 2,802 | Thanked: 4,491 times | Joined on Nov 2007 | #3
The Android kernel is a Linux kernel; probably most of those "defects" are in Maemo as well.
The Following 9 Users Say Thank You to lma For This Useful Post:
2010-11-04, 11:07 | Posts: 3,203 | Thanked: 1,391 times | Joined on Nov 2009 @ Worthing, England | #4
2010-11-04, 17:08 | Posts: 992 | Thanked: 738 times | Joined on Jun 2010 @ Low Earth Orbit | #5
I wanted to say "I know why I do not use Android" ;-) but otoh:
do we have such analyses for Maemo?
"The Coverity Scan results for the Android kernel we tested show a better than average defect density, meaning this specific kernel is shipping with fewer defects than the industry average for software of this size,"
2010-11-04, 17:21 | Posts: 2,355 | Thanked: 5,249 times | Joined on Jan 2009 @ Barcelona | #6
2010-11-04, 17:37 | Posts: 93 | Thanked: 30 times | Joined on Oct 2007 @ Glendale, CA | #7
2010-11-04, 17:41 | Posts: 93 | Thanked: 30 times | Joined on Oct 2007 @ Glendale, CA | #8
And defining a flaw that can give a user root access as "high risk" on a single-user machine, where the user can do practically anything, including sending all your private data anywhere and costing you any sum in fees, and the only additional thing root can do is to require a 5-minute reflash of the system, is nothing but a cheap publicity stunt.
The Following User Says Thank You to microe For This Useful Post:
2010-11-04, 18:17 | Posts: 361 | Thanked: 219 times | Joined on Sep 2010 | #9
Not to mention that you cannot, theoretically, declare any potential NULL dereference pointer found in a static analysis of source code a "security issue". At most, it is a potential one.
2010-11-04, 18:21 | Posts: 2,355 | Thanked: 5,249 times | Joined on Jan 2009 @ Barcelona | #10
> At most, it is a potential one.
Never, ever marginalize the effect of an invalid pointer in kernel space.
struct some_interface *c = get_from_global_variable();
some_callback_type f = default_callback();
if (c->do_something(c, &f)) {
    f();
}
Since the last DEFCON showed off an Android remote exploit that only required a minimal amount of user input and a way to create one's own cell that piggy-backs the actual cell, I wouldn't call this a publicity stunt. And Coverity ain't cheap.
"# The Android kernel tested by Coverity revealed 359 software defects, which is a sample of what might be shipping in popular mobile and other Android-based devices.
# 25 percent of the Android defects found are high risk with the potential to cause security breaches and crashes."
http://www.coverity.com/html/press/c...n-android.html
I wanted to say "I know why I do not use Android" ;-) but otoh:
do we have such analyses for Maemo?
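
An added example, not part of any post in this thread: the snippet from post #10 made compilable in user space, with the pointer checks whose absence a static analyser reports as a potential NULL dereference. The struct layout, the sample implementations, the helper names and the error codes are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

typedef void (*some_callback_type)(void);

struct some_interface {
    /* May replace *f; returns nonzero when the callback should run. */
    int (*do_something)(struct some_interface *self, some_callback_type *f);
};

static struct some_interface *global_iface;  /* NULL until registered */
static int calls;                            /* counts callback runs */

static void default_cb(void) { calls++; }
static some_callback_type default_callback(void) { return default_cb; }
static struct some_interface *get_from_global_variable(void) { return global_iface; }

/* Sample implementations, constructed for this example. */
static int accept_default(struct some_interface *s, some_callback_type *f)
{ (void)s; (void)f; return 1; }
static int clear_callback(struct some_interface *s, some_callback_type *f)
{ (void)s; *f = NULL; return 1; }

struct some_interface good_iface = { accept_default };
struct some_interface clearing_iface = { clear_callback };
struct some_interface half_init_iface = { NULL };

void register_iface(struct some_interface *i) { global_iface = i; }
int callback_runs(void) { return calls; }

/* Guarded form of the snippet: every pointer is checked before use. */
int run_callback_checked(void)
{
    struct some_interface *c = get_from_global_variable();
    some_callback_type f = default_callback();

    if (c == NULL || c->do_something == NULL)
        return -ENODEV;   /* nothing registered, or half-initialised */
    if (!c->do_something(c, &f))
        return 0;         /* implementation declined */
    if (f == NULL)
        return -EINVAL;   /* implementation cleared the callback */
    f();
    return 1;
}

int main(void)
{
    printf("unregistered: %d\n", run_callback_checked());
    register_iface(&good_iface);
    printf("registered: %d\n", run_callback_checked());
    return 0;
}
```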