Damus
GrapheneOS · 5w
We'll be moving this kind of content to our forum soon where we can write more about it and use proper formatting including headers and relevant inline images. We haven't moved to the new approach yet...
AOSP also doesn't permit setuid or setgid binaries which was the chosen attack vector for exploiting it in the proof of concept exploit. It similarly doesn't permit io_uring, user namespaces and a lot of other functionality outside of a few core processes for security reasons.
Emelia/Emi · 5w
nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqtva8g98fx0fks0pt38vr75tv02t30qd5ev7n5v7fcpl6t44hf7kqzp8d0p Note that the exploit itself only depends on the executables behind a "privileged" process being readable by the malicious app, so Android could still be (theoretically, if you managed t...
GrapheneOS · 5w
Standard Android GKI kernels also have the userspace API for Linux kernel crypto disabled including CONFIG_CRYPTO_USER_API_AEAD being unset. Many Android vendors enable a lot more functionality in the kernels but probably haven't had an actual reason to enable this functionality.
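
A defender-side check for the kernel option named in the post above, added here as an example (not part of the thread and not GrapheneOS code): it parses a kernel `.config` and reports which userspace crypto API (AF_ALG) options are enabled. Only `CONFIG_CRYPTO_USER_API_AEAD` comes from the thread; the sibling `CONFIG_CRYPTO_USER_API_*` symbols are upstream kernel options, and both sample configs are constructed.

```python
import re

# CONFIG_CRYPTO_USER_API_AEAD is the symbol named in the thread; the others
# are its sibling AF_ALG options in the upstream kernel (added assumption).
AF_ALG_SYMBOLS = (
    "CONFIG_CRYPTO_USER_API_HASH",
    "CONFIG_CRYPTO_USER_API_SKCIPHER",
    "CONFIG_CRYPTO_USER_API_RNG",
    "CONFIG_CRYPTO_USER_API_AEAD",
)

_SET = re.compile(r"^(CONFIG_\w+)=(.*)$")
_UNSET = re.compile(r"^# (CONFIG_\w+) is not set$")


def parse_kconfig(text):
    """Map each symbol in a kernel .config to its value ('n' when unset)."""
    state = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = _SET.match(line)
        if m:
            state[m.group(1)] = m.group(2)
            continue
        m = _UNSET.match(line)
        if m:
            state[m.group(1)] = "n"
    return state


def af_alg_exposure(text):
    """Return {symbol: value} for the AF_ALG options; absent counts as 'n'."""
    state = parse_kconfig(text)
    return {sym: state.get(sym, "n") for sym in AF_ALG_SYMBOLS}


def enabled_af_alg(text):
    """List AF_ALG options that are built in ('y') or modular ('m')."""
    return [s for s, v in af_alg_exposure(text).items() if v in ("y", "m")]


# Constructed sample configs, not taken from any real device.
SAMPLE_GKI_LIKE = ("CONFIG_CRYPTO=y\n"
                   "# CONFIG_CRYPTO_USER_API_AEAD is not set\n")
SAMPLE_VENDOR_LIKE = ("CONFIG_CRYPTO=y\n"
                      "CONFIG_CRYPTO_USER_API_HASH=y\n"
                      "CONFIG_CRYPTO_USER_API_AEAD=m\n")

if __name__ == "__main__":
    for name, cfg in (("gki-like", SAMPLE_GKI_LIKE), ("vendor-like", SAMPLE_VENDOR_LIKE)):
        print(name, enabled_af_alg(cfg) or "userspace crypto API not enabled")
```

On a running kernel built with `CONFIG_IKCONFIG_PROC`, the same text can be read from `/proc/config.gz` with Python's `gzip` module and passed to `enabled_af_alg`.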