vulnerability in OTA signature check mechanism
Bug #1506887 reported by
Ondrej Kubik
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
android (Ubuntu) |
Fix Released
|
High
|
Ondrej Kubik |
Bug Description
Cleverly constructed key signature tarball can bypass signature check.
If tarball contains symbolic link to the directory outside of the working folder followed then by file based on this symbolic link , tar will follow the link and creates new file outside of the working folder, which is not desired and can alter behaviour of the system.
Changed in android (Ubuntu): | |
status: | New → In Progress |
importance: | Undecided → High |
assignee: | nobody → Ondrej Kubik (w-ondra) |
To post a comment you must log in.
Ondrej is preparing a workaround fix in our system- image-upgrader script.
However, the core issue lies in busybox's tar implementation. I've opened an upstream busybox bug for that issue:
https:/ /bugs.busybox. net/show_ bug.cgi? id=8411