Restrict zygote to system user.

CVE-2011-3918: Address denial of service attack against Android's zygote process.

This change enforces that only UID=system can directly connect to zygote to spawn processes.

Change-Id: I89f5f05fa44ba8582920b66854df3e79527ae067
diff --git a/rootdir/init.rc b/rootdir/init.rc index 0510696..840faa5 100644 --- a/rootdir/init.rc +++ b/rootdir/init.rc
@@ -412,7 +412,7 @@ service zygote /system/bin/app_process -Xzygote /system/bin --zygote --start-system-server class main - socket zygote stream 666 + socket zygote stream 660 root system onrestart write /sys/android_power/request_state wake onrestart write /sys/power/state on onrestart restart media
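Review bot: On the added `socket zygote stream 660 root system` line, mode 660 with owner root and group system admits root and any process that has `system` among its groups, which is broader than the commit message's "only UID=system". If a UID-level restriction is intended, it needs a peer-credential check on the side that accepts the connection, and no such check is visible in this diff. Otherwise the message should say that access is limited to root and group system. A short comment above the socket line naming CVE-2011-3918 would also help keep the mode from being loosened back to 666 later.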