diff options
| author | Nick Kralevich <nnk@google.com> | 2012-01-27 13:06:53 -0800 |
|---|---|---|
| committer | Nick Kralevich <nnk@google.com> | 2012-01-27 13:06:53 -0800 |
| commit | e7fd911fd42b1f8bea6a004e2bcc1d2dda4ec718 (patch) | |
| tree | c3453665a18a4de328e584202877332a153c02e8 /rootdir/init.rc | |
| parent | 46f86f11d446a650602057f8a07eba1f609d7fe9 (diff) | |
| download | system_core-e7fd911fd42b1f8bea6a004e2bcc1d2dda4ec718.tar.gz system_core-e7fd911fd42b1f8bea6a004e2bcc1d2dda4ec718.tar.bz2 system_core-e7fd911fd42b1f8bea6a004e2bcc1d2dda4ec718.zip | |
Restrict zygote to system user.
CVE-2011-3918: Address denial of service attack against Android's
zygote process. This change enforces that only UID=system can
directly connect to zygote to spawn processes.
Change-Id: I89f5f05fa44ba8582920b66854df3e79527ae067
Diffstat (limited to 'rootdir/init.rc')
| -rw-r--r-- | rootdir/init.rc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/rootdir/init.rc b/rootdir/init.rc index b9f111e2..72995136 100644 --- a/rootdir/init.rc +++ b/rootdir/init.rc @@ -417,7 +417,7 @@ service surfaceflinger /system/bin/surfaceflinger service zygote /system/bin/app_process -Xzygote /system/bin --zygote --start-system-server class main - socket zygote stream 666 + socket zygote stream 660 root system onrestart write /sys/android_power/request_state wake onrestart write /sys/power/state on onrestart restart media |