Future versions of Android will be more resilient to exploits, thanks to developers' efforts to integrate the latest Linux kernel defenses into the operating system.
Android's security model relies heavily on the Linux kernel that sits at its core. As such, Android developers have always been interested in adding new security features that are intended to prevent potentially malicious code from reaching the kernel, which is the most privileged area of the operating system.
[...] One new configuration option called CONFIG_DEBUG_RODATA segments the kernel memory into multiple sections and limits how much of this memory is writeable and executable. Attackers need writeable and executable memory pages in order to inject malicious code into them via exploits, and then run that code with kernel privileges.
Another config option, called CONFIG_CPU_SW_DOMAIN_PAN, prevents the kernel from directly accessing user space memory, giving attackers even less control over where their exploits can execute code.
Also reported at The Register.
(Score: 4, Informative) by RamiK on Saturday July 30 2016, @07:39PM
https://forums.grsecurity.net/viewtopic.php?f=3&t=1630 [grsecurity.net]
compiling...
(Score: 1, Informative) by Anonymous Coward on Saturday July 30 2016, @07:49PM
I was going to call you snarky but damn you werent kidding!
(Score: 0) by Anonymous Coward on Saturday July 30 2016, @11:02PM
Google still thinks spinlocks in Android are a great idea. So why expect much from them?
(Score: 0) by Anonymous Coward on Saturday July 30 2016, @08:14PM
One (or I) wonder how big the effect will be due to all the people insisting on jail breaking their phones and devices.
(Score: 2) by Pino P on Sunday July 31 2016, @05:21AM
I thought Nexus devices still had unlockable bootloaders. Or did you mean specifically without having to do a factory reset?
(Score: 2) by Subsentient on Saturday July 30 2016, @08:18PM
Fuckin' Android. The Anti-Linux. Does everything it can to prevent you from getting root.
Shame on google.
"It is no measure of health to be well adjusted to a profoundly sick society." -Jiddu Krishnamurti
(Score: 2) by frojack on Saturday July 30 2016, @08:50PM
Fuckin' Android. The Anti-Linux. Does everything it can to prevent you from getting root.
Shame on google.
Seems to me its not all that hard.
"Getting root" seems to be source of most of the exploits you see in the wild.
Just google "silently root android" to see how common it is for malware to root phones. Combine that with the tendency of every teenager to root their phone for no rational purpose and you have a situation ripe for abuse.
The problem wasn't that Google made it hard, It should be hard. It was that google used that to protect all the spyware and un-removable apps that manufacturers and carriers foist on the user. Lots of people root just to get rid of crap-ware.
That and the fact that fine-grained permissions didn't arrive until something like the 10th or 12th release of android made the phone into a spy platform exploitable by any random app author.
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Saturday July 30 2016, @09:12PM
Dick Bathroom-Stall Man said anybody who wants root should have root. For the FREEEEEDOOOOOOOOOMS.
(Score: 2) by Kunasou on Saturday July 30 2016, @09:19PM
But almost always people do wrong rooting (like using Kingroot) which adds even more spyware (itself, purify...) unless you clean flash the thing...
Root should be accessible for developers easily with adb (pc) but not directly from the device since the apps shouldn't be trusted.
I use root everyday on my device since I have installed several utilies like: AfWall+ (frontend for iptables, https://github.com/ukanth/afwall/ [github.com] ), logcat, terminal which the average joe doesn't even know about them.
Until Marshmallow they didn't even protect the external sdcard/otg, just a write permission was enough to do whatever you wanted with it...
Using old and almost always unsupported kernels doesn't help it. They're full of already patched exploits. My tablet uses 3.4.2x (already on 3.4.112[1]) and my phone 3.10.49 (already on 3.10.102[1])... Just search for a while and surely you will find a way to get root.
[1] Data from: https://www.kernel.org/ [kernel.org]
Android is so f*cked up.
(Score: 0) by Anonymous Coward on Saturday July 30 2016, @09:33PM
Root should be accessible for developers easily with adb (pc) but not directly from the device since the apps shouldn't be trusted.
I want to develop native apps directly on my phone, but Android SDK+NDK won't even fit. Why do I need gigabytes and gigabytes of shit to build a kilobyte apk file. Fuck Google's bloated fucking bullshit developer tools.
(Score: 2) by Kunasou on Saturday July 30 2016, @10:02PM
Since adb is just 1.2mb... I installed once the developer tools, copied out adb/fastboot and removed the other stuff. They're surely bloated, they even pack emulators by default, since why not? Let's waste hard drive space.
(Score: 1, Informative) by Anonymous Coward on Saturday July 30 2016, @09:34PM
My 2 year lod Android Jelly Bean phone has never notified my of any updates other than the apps downloaded from Google Play Store. I can't jailbreak it because the Cricket phones have some lock on it. Cricket has no info except a looping update website that leads nowhere.
(Score: 2) by dltaylor on Saturday July 30 2016, @11:24PM
While the Linux kernel does have some documented security weaknesses, the REAL problem with Android is the crap that Google allows, starting with allowing manufacturers to abandon phones, tablets, and devices without security updates. "Heartbleed" will be fixed on a billion Android devices when?
Secondly, it's the spyware, like the voicemail app on my phone that would like to scrape voicemails from my provider, ship them to a server God-knows-where to be datamined, and, presumably (never signed up) sent back as text. For one thing, there's no "Disable" button for it, and EVERYTHING, even Google's own apps, should have one, and secondarily, there's enough horsepower in the phone to translate the speech to text locally, without going outside the box.
In my case, the damages are minimal, because I have a "no-data" plan, and leave the WiFi off, except for a few minutes, here and there, when I need to download someone's multimedia text. It's still annoying to have half the phone's memory eaten up by crapware I have no intention of using.
(Score: -1, Troll) by Anonymous Coward on Saturday July 30 2016, @11:34PM
Cool story, rms jr.
(Score: 2) by Hyperturtle on Sunday July 31 2016, @05:39PM
I resist the use of Android phones because I still cling to that motto of "you get what you pay for". That can be via individual effort or direct financial transactions.
It's not worth the cost to me to ensure an android phone provides me the privacy I want out of it. It's simply a loss in my mind. It's too hard for the return I think I'd get. The return on investment does not exist favorably enough for me to make the commitment to it -- I mean, the OS was designed from the ground up to get people to accept advertising. They gave it away for FREE! It's not like Linux free, it's Corporate Handshake free!
That you are upset that half the phone it tied up trying to run crapware you don't care about... sounds like you paid for the wrong product.