author | Nick Kralevich <nnk@google.com> | 2012-01-27 13:06:53 -0800 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2012-04-27 14:18:02 -0700 |
commit | 25dd43a9a5073f0e59102750cb0410b8e9bc9847 (patch) | |
tree | 40a30dab41a4879b4282151dac6d893dfca91e1e /rootdir | |
parent | a02ff986fc0fe5543bb2168814eee04eac8ef579 (diff) | |
Restrict zygote to system user.
CVE-2011-3918: Address denial of service attack against Android's
zygote process. This change enforces that only UID=system can
directly connect to zygote to spawn processes.
Change-Id: I89f5f05fa44ba8582920b66854df3e79527ae067
Diffstat (limited to 'rootdir')
-rw-r--r-- | rootdir/init.rc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/rootdir/init.rc b/rootdir/init.rc index 28cd26c..236c97b 100644 --- a/rootdir/init.rc +++ b/rootdir/init.rc @@ -414,7 +414,7 @@ service surfaceflinger /system/bin/surfaceflinger service zygote /system/bin/app_process -Xzygote /system/bin --zygote --start-system-server class main - socket zygote stream 666 + socket zygote stream 660 root system onrestart write /sys/android_power/request_state wake onrestart write /sys/power/state on onrestart restart media |
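Review bot: On the changed `socket zygote stream 660 root system` line, the resulting permission is read/write for owner root and for group system, which is broader than the "only UID=system" wording in the commit message: root, and any process that carries the system GID (including as a supplementary group), can still connect. If the intent is strictly the system UID, either reword the message to say "root or group system", or back the mode change with a peer-credential check on the accepting side, which cannot be confirmed from this rootdir-only diffstat. A one-line comment above the socket line in init.rc stating why the mode is no longer 666 would also help keep a later edit from loosening it again.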