Page 1 of 2 1 2
Reply
Thread Tools
PMaff's Avatar
PMaff is offline PMaff
2010-11-04 , 09:55
Posts: 361 | Thanked: 219 times | Joined on Sep 2010
#1
Interesting:
"# The Android kernel tested by Coverity revealed 359 software defects, which is a sample of what might be shipping in popular mobile and other Android-based devices.
# 25 percent of the Android defects found are high risk with the potential to cause security breaches and crashes."

http://www.coverity.com/html/press/c...n-android.html

I wanted to say "I know why I do not use Android" ;-) but otoh:
do we have such analyses for Maemo?
 

The Following User Says Thank You to PMaff For This Useful Post:
Matan is offline Matan
2010-11-04 , 10:04
Posts: 1,224 | Thanked: 1,763 times | Joined on Jul 2007
#2
The android kernel is Linux kernel, probably most of those "defects" are in Maemo as well.

And defining a flaw that can give a user root access as "high risk" on a single user machine, where user can do practically anything, including sending all your private data anywhere and cost you any sum in fees and the only addition thing root can do is to require a 5 minutes reflash of the system, is nothing but a cheap publicity stunt.
__________________
My repository

"N900 community support for the MeeGo-Harmattan" Is the new "Mer is Fremantle for N810".

No more Nokia devices for me.
 

The Following 11 Users Say Thank You to Matan For This Useful Post:
lma is offline lma
2010-11-04 , 10:38
Posts: 2,802 | Thanked: 4,491 times | Joined on Nov 2007
#3
Originally Posted by Matan View Post
The android kernel is Linux kernel, probably most of those "defects" are in Maemo as well.
Indeed, it might be interesting to know what percentage of these also apply to vanilla 2.6.32 and how many of those have since been fixed in Linus's tree but ignored downstream.

the only addition thing root can do is to require a 5 minutes reflash of the system, is nothing but a cheap publicity stunt.
Root in the wrong hands can be a bit more destructive than that, eg overwrite the NOLO mtd partition (requiring a roundtrip to a Nokia service centre at least), pin the CPU clock as high as possible (potentially killing the chip via overheating), or mess with the charging logic (potential for things going boom).
 

The Following 9 Users Say Thank You to lma For This Useful Post:
noobmonkey's Avatar
noobmonkey is offline noobmonkey
2010-11-04 , 11:07
Posts: 3,203 | Thanked: 1,391 times | Joined on Nov 2009 @ Worthing, England
#4
I'm waiting for the attack of desktop sheep roaming around on the n900 - like on windows in the 90's.... oh the joys (Process killer, but genius to watch as the single sheep multiplies into 10,000 and windows topples over!)
__________________
----------- Follow me on Twitter here
----------- My Photography Website and Blog is here
----------- Author of the N900 Health Check Application ----------- New Version in Extras Devel (Dec 2010 - 2.9.10)
----------- Are you on the N900 World Map? - http://pininthemap.com/maemo - masterpin: shotgun
----------- What apps do you want to see on the n900 or in MeeGo in the future? -
 
kureyon is offline kureyon
2010-11-04 , 17:08
Posts: 992 | Thanked: 738 times | Joined on Jun 2010 @ Low Earth Orbit
#5
Originally Posted by PMaff View Post
I wanted to say "I know why I do not use Android" ;-) but otoh:
do we have such analyses for Maemo?
Report also says
"The Coverity Scan results for the Android kernel we tested show a better than average defect density, meaning this specific kernel is shipping with fewer defects than the industry average for software of this size,"
 
javispedro's Avatar
javispedro is offline javispedro
2010-11-04 , 17:21
Posts: 2,355 | Thanked: 5,249 times | Joined on Jan 2009 @ Barcelona
#6
Not to mention that you cannot, theoretically, declare any potential NULL dereference pointer found in a static analysis of source code a "security issue". At most, it is a potential one.
 
microe is offline microe
2010-11-04 , 17:37
Posts: 93 | Thanked: 30 times | Joined on Oct 2007 @ Glendale, CA
#7
> At most, it is a potential one.

Never, ever marginalize the effect of an invalid pointer in kernel space.
 
microe is offline microe
2010-11-04 , 17:41
Posts: 93 | Thanked: 30 times | Joined on Oct 2007 @ Glendale, CA
#8
Originally Posted by Matan View Post
And defining a flaw that can give a user root access as "high risk" on a single user machine, where user can do practically anything, including sending all your private data anywhere and cost you any sum in fees and the only addition thing root can do is to require a 5 minutes reflash of the system, is nothing but a cheap publicity stunt.
Since the last DEFCON showed off an Android remote exploit that only required a minimal amount of user input and a way to create one's own cell that piggy-backs the actual cell, I wouldn't call this a publicity stunt. And coverity ain't cheap
 

The Following User Says Thank You to microe For This Useful Post:
PMaff's Avatar
PMaff is offline PMaff
2010-11-04 , 18:17
Posts: 361 | Thanked: 219 times | Joined on Sep 2010
#9
Originally Posted by javispedro View Post
Not to mention that you cannot, theoretically, declare any potential NULL dereference pointer found in a static analysis of source code a "security issue". At most, it is a potential one.
If it is one of the kind x->y=something where x is NULL (for whatever reason) I would say this is an issue anyway.
 
javispedro's Avatar
javispedro is offline javispedro
2010-11-04 , 18:21
Posts: 2,355 | Thanked: 5,249 times | Joined on Jan 2009 @ Barcelona
#10
Originally Posted by microe View Post
> At most, it is a potential one.

Never, ever marginalize the effect of an invalid pointer in kernel space.
I do marginalize the effectiveness of a static analysis code tool for detecting such issues.
Code:
struct some_interface *c = get_from_global_variable();
some_callback_type f = default_callback();

if (c->do_something(c, &f)) {
   f();
}
What's a static code analysis tool doing to do here? It may
a ) Either detect a "potential NULL dereference", thus indicating that the 5000000 potential bugs found count is pure crap.
b) Do nothing. I do not know which one is worse!
c) Somehow magically deduce all posible code paths and follow them all to detect where the actual bug is. The list of all available code paths does not only depend on hardware configuration but might actually even depend on the current time.

Not to mention the above is a pretty common idiom, specially if, as according to the makers of this tool themselves, "dereferencing function pointers is quite common on the kernel".

Since the last DEFCON showed off an Android remote exploit that only required a minimal amount of user input and a way to create one's own cell that piggy-backs the actual cell, I wouldn't call this a publicity stunt. And coverity ain't cheap
I do not see why a local root exploit would have help here. Specially one where you to exploit you need to get to usually sandbox forbidden functionality such as mmap().

Now on Maemo getting root is usually as easy as running any of the numerous setuid binaries or sudoers-listed programs, so I can understand why it doesn't matter. On other platforms, maybe that's not true. On WebOS at least, _every application_ already runs as root by default, and there was no normal user at all until a recent version.

Now, of course their tools ain't cheap. They're doing a great service to the community IMHO but also getting some free marketing for a tool a decade or two ago would be laughed at.

Note: not saying it is useless; it's as useless as getting a human to do it: they might get it wrong, but "the more eyes...".
Last edited by javispedro; 2010-11-04 at 18:27.
 

The Following 2 Users Say Thank You to javispedro For This Useful Post:
Reply
Page 1 of 2 1 2

« Previous Thread | Next Thread »

 
Forum Jump


All times are GMT. The time now is 07:31.

Contact Us - Home - Archive - Top