Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

kernel: Relax dentry_path_raw compare in core_hook #2041

Merged
merged 1 commit into from
Sep 7, 2024

Conversation

hmtheboy154
Copy link
Contributor

@hmtheboy154 hmtheboy154 commented Sep 6, 2024

On Android-x86 (or BlissOS) it initialize Android by using switch_root or chroot, when checking a path with dentry_path_raw() it will show the whole real path instead of the path that we want.

Relax the checking requirement by using strstr to look for "/system/packages.list" in the string instead of requiring the path to be "/system/packages.list"

This fixes #1783

On Android-x86 (or BlissOS) it initialize Android by using switch_root
or chroot, when checking a path with dentry_path_raw() it will show
the whole real path instead of the path that we want.

Relax the checking requirement by using strstr to look for "/system/packages.list"
in the string instead of requiring the path to be "/system/packages.list"

Signed-off-by: hmtheboy154 <buingoc67@gmail.com>
@tiann tiann enabled auto-merge (squash) September 7, 2024 02:58
@tiann tiann merged commit 27bb249 into tiann:main Sep 7, 2024
19 of 20 checks passed
rsuntk pushed a commit to rsuntk/KernelSU that referenced this pull request Sep 7, 2024
On Android-x86 (or BlissOS) it initialize Android by using switch_root
or chroot, when checking a path with dentry_path_raw() it will show the
whole real path instead of the path that we want.

Relax the checking requirement by using strstr to look for
"/system/packages.list" in the string instead of requiring the path to
be "/system/packages.list"

This fixes tiann#1783

Signed-off-by: hmtheboy154 <buingoc67@gmail.com>
fukiame pushed a commit to TelegramAt25/KernelSU-shukusai that referenced this pull request Sep 7, 2024
On Android-x86 (or BlissOS) it initialize Android by using switch_root
or chroot, when checking a path with dentry_path_raw() it will show the
whole real path instead of the path that we want.

Relax the checking requirement by using strstr to look for
"/system/packages.list" in the string instead of requiring the path to
be "/system/packages.list"

This fixes tiann#1783

Signed-off-by: hmtheboy154 <buingoc67@gmail.com>
fukiame added a commit to TelegramAt25/KernelSU-shukusai that referenced this pull request Sep 16, 2024
…iann#2041)"

save_allow_list create file failed: -13

This reverts commit 76abcd3.

Signed-off-by: fukiame <fukiame@proton.me>
kutemeikito added a commit to kutemeikito/KernelSU that referenced this pull request Sep 23, 2024
* 'main' of https://github.com/tiann/KernelSU:
  js: add moduleInfo method (tiann#2057)
  Update doc for zh_CN (tiann#2049)
  Translations update from Hosted Weblate (tiann#2008)
  build(deps): bump the npm group across 1 directory with 24 updates (tiann#2040)
  kernel: Relax dentry_path_raw compare in core_hook (tiann#2041)
  build(deps): bump peter-evans/create-pull-request from 6 to 7 in the actions group (tiann#2031)
  website/docs: add N0Kernel and NOVA kernels (tiann#2012)
  Add Italian translations for README (tiann#2018)

Signed-off-by: Edwiin Kusuma Jaya <kutemeikito0905@gmail.com>
xxmustafacooTR pushed a commit to xxmustafacooTR/KernelSU that referenced this pull request Sep 25, 2024
On Android-x86 (or BlissOS) it initialize Android by using switch_root
or chroot, when checking a path with dentry_path_raw() it will show the
whole real path instead of the path that we want.

Relax the checking requirement by using strstr to look for
"/system/packages.list" in the string instead of requiring the path to
be "/system/packages.list"

This fixes tiann#1783

Signed-off-by: hmtheboy154 <buingoc67@gmail.com>
LeCmnGend pushed a commit to LeCmnGend/KernelSU that referenced this pull request Sep 29, 2024
On Android-x86 (or BlissOS) it initialize Android by using switch_root
or chroot, when checking a path with dentry_path_raw() it will show the
whole real path instead of the path that we want.

Relax the checking requirement by using strstr to look for
"/system/packages.list" in the string instead of requiring the path to
be "/system/packages.list"

This fixes tiann#1783

Signed-off-by: hmtheboy154 <buingoc67@gmail.com>
backslashxx pushed a commit to backslashxx/KernelSU that referenced this pull request Oct 20, 2024
On Android-x86 (or BlissOS) it initialize Android by using switch_root
or chroot, when checking a path with dentry_path_raw() it will show the
whole real path instead of the path that we want.

Relax the checking requirement by using strstr to look for
"/system/packages.list" in the string instead of requiring the path to
be "/system/packages.list"

This fixes tiann#1783

Signed-off-by: hmtheboy154 <buingoc67@gmail.com>
@arter97
Copy link
Contributor

arter97 commented Oct 28, 2024

Isn't this potentially exploitable?
e.g., /sdcard/i_am_evil/system/packages.list

Are there anything sensitive in /system/packages.list in perspective of KernelSU?

@hmtheboy154
Copy link
Contributor Author

Are there anything sensitive in /system/packages.list in perspective of KernelSU?

@tiann can you help ?

@tiann
Copy link
Owner

tiann commented Nov 12, 2024

This is just a trigger action. Once this file is changed, we will check if the manager has changed. However, which app is chosen as the manager has no relation to this file.

backslashxx pushed a commit to backslashxx/KernelSU that referenced this pull request Nov 14, 2024
On Android-x86 (or BlissOS) it initialize Android by using switch_root
or chroot, when checking a path with dentry_path_raw() it will show the
whole real path instead of the path that we want.

Relax the checking requirement by using strstr to look for
"/system/packages.list" in the string instead of requiring the path to
be "/system/packages.list"

This fixes tiann#1783

Signed-off-by: hmtheboy154 <buingoc67@gmail.com>
backslashxx pushed a commit to backslashxx/KernelSU that referenced this pull request Nov 27, 2024
On Android-x86 (or BlissOS) it initialize Android by using switch_root
or chroot, when checking a path with dentry_path_raw() it will show the
whole real path instead of the path that we want.

Relax the checking requirement by using strstr to look for
"/system/packages.list" in the string instead of requiring the path to
be "/system/packages.list"

This fixes tiann#1783

Signed-off-by: hmtheboy154 <buingoc67@gmail.com>
backslashxx added a commit to backslashxx/KernelSU that referenced this pull request Nov 27, 2024
This corresponds to v0.9.5 / 11872 upstream with the cherry-picks from upstream:
	Convert devpts domain to ksu_file (tiann#1801)
	throne_tracker: skip iterate if failed to open dir (tiann#1832)
	kernel: Relax dentry_path_raw compare in core_hook (tiann#2041)
	kernel/core_hook.c: use upstream ksu_umount_mnt
	kernel: require path_umount backporting

Addendums for the sake of legacy maintenance:
	treewide: tree prep for kernel-driver only
	kernel: expose allowlist workaround as Kconfig option
	kernel: selinux: add security_bounded_transition hook for < 4.14
	kernel: selinux: fix redefined KERNEL_SU_DOMAIN
	kernel/ksu.c: disable KPROBES=n warning
	KernelSU: 11872-klts

Warning:
	Kernel built with this branch will not work with the provided manager from this repo.
	Use KernelSU v1.0.1 Manager.

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
backslashxx added a commit to backslashxx/KernelSU that referenced this pull request Nov 27, 2024
This corresponds to v0.9.5 / 11872 upstream with the cherry-picks from upstream:
	Convert devpts domain to ksu_file (tiann#1801)
	throne_tracker: skip iterate if failed to open dir (tiann#1832)
	kernel: Relax dentry_path_raw compare in core_hook (tiann#2041)
	kernel/core_hook.c: use upstream ksu_umount_mnt
	kernel: require path_umount backporting

Addendums for the sake of legacy maintenance:
	treewide: tree prep for kernel-driver only
	kernel: expose allowlist workaround as Kconfig option
	kernel: selinux: add security_bounded_transition hook for < 4.14
	kernel: selinux: fix redefined KERNEL_SU_DOMAIN
	kernel/ksu.c: disable KPROBES=n warning
	KernelSU: 11872-klts

Warning:
	Kernel built with this branch will not work with the provided manager from this repo.
	Use KernelSU v1.0.1 Manager.

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
backslashxx added a commit to backslashxx/KernelSU that referenced this pull request Nov 27, 2024
This corresponds to v0.9.5 / 11872 upstream with the cherry-picks from upstream:
	Convert devpts domain to ksu_file (tiann#1801)
	throne_tracker: skip iterate if failed to open dir (tiann#1832)
	kernel: Relax dentry_path_raw compare in core_hook (tiann#2041)
	kernel/core_hook.c: use upstream ksu_umount_mnt
	kernel: require path_umount backporting

Addendums for the sake of legacy maintenance:
	treewide: tree prep for kernel-driver only
	kernel: expose allowlist workaround as Kconfig option
	kernel: selinux: add security_bounded_transition hook for < 4.14
	kernel: selinux: fix redefined KERNEL_SU_DOMAIN
	kernel/ksu.c: disable KPROBES=n warning
	KernelSU: 11872-klts

Warning:
	Kernel built with this branch will not work with the provided manager from this repo.
	Use official KernelSU v1.0.1 Manager.

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
backslashxx added a commit to backslashxx/KernelSU that referenced this pull request Nov 27, 2024
This corresponds to v0.9.5 / 11872 upstream with cherry-picks from upstream:
	Convert devpts domain to ksu_file (tiann#1801)
	throne_tracker: skip iterate if failed to open dir (tiann#1832)
	kernel: Relax dentry_path_raw compare in core_hook (tiann#2041)
	kernel/core_hook.c: use upstream ksu_umount_mnt
	kernel: require path_umount backporting

Addendums for the sake of legacy maintenance:
	treewide: tree prep for kernel-driver only
	kernel: expose allowlist workaround as Kconfig option
	kernel: selinux: add security_bounded_transition hook for < 4.14
	kernel: selinux: fix redefined KERNEL_SU_DOMAIN
	kernel/ksu.c: disable KPROBES=n warning
	KernelSU: 11872-klts

Warning:
	Kernel built with this branch will not work with the provided manager from this repo.
	Use official KernelSU v1.0.1 Manager.

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
backslashxx pushed a commit to backslashxx/KernelSU that referenced this pull request Dec 7, 2024
On Android-x86 (or BlissOS) it initialize Android by using switch_root
or chroot, when checking a path with dentry_path_raw() it will show the
whole real path instead of the path that we want.

Relax the checking requirement by using strstr to look for
"/system/packages.list" in the string instead of requiring the path to
be "/system/packages.list"

This fixes tiann#1783

Signed-off-by: hmtheboy154 <buingoc67@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

KSU report "not installed" on installed system, but "installed" on Live boot when using BlissOS
3 participants