Chainfire has just updated SuperSU. If you are a root user you will want to get on the latest version, which is v2.78 SR1. The latest version includes a major bug fix in supolicy. Chainfire explains the supolicy fix below.
Due to an initialization bug, introduced in v2.68 BETA, some SELinux contexts (including shell and untrusted_app) could be granted sys_module capability. If this happens, and your kernel is compiled with module loading support (most modern stock kernels have this disabled) and an exploit is used to gain uid 0, this then allows for a complete SELinux bypass and kernel pwn.
Apparently the chances of someone actually exploiting the vulnerability are pretty slim, since it requires the exact combination of conditions described above. Still, you have to give Chainfire props for fixing this up quickly.
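If you want to check your own device for the condition Chainfire describes, the two things to look at are whether a low-privilege domain such as shell or untrusted_app holds the sys_module capability in the loaded SELinux policy, and whether the kernel is built with module loading. The script below is an added example written for this post, not code from Chainfire or SuperSU. It assumes you have pulled the policy off the device (on SELinux-enabled Android the loaded binary policy is readable at /sys/fs/selinux/policy by root) and run setools' `sesearch -A -c capability <policy>` on your PC, and that you have the output of `zcat /proc/config.gz` from the device; the sample inputs embedded here are constructed to show the format, not taken from any real device.

```python
import re
from typing import Dict, List, Set

# Constructed sample of what `sesearch -A -c capability <policy>` prints for a
# policy that was damaged by the supolicy initialization bug. Not real output.
SAMPLE_SESEARCH_OUTPUT = """\
allow init init:capability { sys_module sys_admin setuid };
allow shell shell:capability { sys_module };
allow untrusted_app untrusted_app:capability sys_module;
allow vold vold:capability { sys_admin };
"""

# Constructed samples of `zcat /proc/config.gz` lines for the two kernel cases.
SAMPLE_KERNEL_CONFIG_MODULES_ON = "CONFIG_MODULES=y\nCONFIG_MODULE_UNLOAD=y\n"
SAMPLE_KERNEL_CONFIG_MODULES_OFF = "# CONFIG_MODULES is not set\n"

# Domains that should never hold sys_module; the post names shell and
# untrusted_app, the rest are assumptions based on stock Android policy names.
LOW_PRIV_DOMAINS = {"shell", "untrusted_app", "untrusted_app_25", "isolated_app"}

# Matches setools-style "allow src tgt:class perm;" or "allow src tgt:class { p1 p2 };"
ALLOW_RE = re.compile(r"^allow\s+(\S+)\s+(\S+):(\S+)\s+(\{[^}]*\}|\S+?);\s*$")


def parse_capability_rules(text: str) -> Dict[str, Set[str]]:
    """Map each source domain to the set of capability permissions it is allowed."""
    grants: Dict[str, Set[str]] = {}
    for line in text.splitlines():
        m = ALLOW_RE.match(line.strip())
        if not m:
            continue
        src, _tgt, cls, perms = m.groups()
        if cls != "capability":
            continue
        perm_set = set(perms.strip("{}").split())
        grants.setdefault(src, set()).update(perm_set)
    return grants


def domains_with_sys_module(text: str) -> List[str]:
    """Every domain the policy allows to use the sys_module capability."""
    return sorted(d for d, p in parse_capability_rules(text).items() if "sys_module" in p)


def kernel_supports_modules(config_text: str) -> bool:
    """True if the kernel config enables loadable module support."""
    return any(line.strip() == "CONFIG_MODULES=y" for line in config_text.splitlines())


def assess(sesearch_text: str, config_text: str) -> Dict[str, object]:
    """Combine both checks the way the quoted note does: the bug only matters when
    a low-privilege domain holds sys_module AND the kernel can load modules."""
    exposed = [d for d in domains_with_sys_module(sesearch_text) if d in LOW_PRIV_DOMAINS]
    modules = kernel_supports_modules(config_text)
    if exposed and modules:
        level = "HIGH"   # policy is wrong and the kernel would honour a module load
    elif exposed:
        level = "LOW"    # policy is wrong but the kernel cannot load modules
    else:
        level = "NONE"   # no low-privilege domain holds sys_module
    return {"exposed_domains": exposed, "kernel_modules": modules, "level": level}


if __name__ == "__main__":
    for name, cfg in (("modules on", SAMPLE_KERNEL_CONFIG_MODULES_ON),
                      ("modules off", SAMPLE_KERNEL_CONFIG_MODULES_OFF)):
        print(name, assess(SAMPLE_SESEARCH_OUTPUT, cfg))
```

On a device with a fixed policy the list of exposed domains should be empty; if it is not, updating to v2.78 SR1 and reflashing (so supolicy regenerates the rules) is the remedy, and a kernel without CONFIG_MODULES reduces the exposure in the meantime but does not correct the policy.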
The rest of the changes are as follows.
- subinary: Adjust app_process detection with manipulated mount namespaces
- subinary: Adjust Zygote PID detection to prefer 64-bit
- subinary: Fix possible NPE in LD_PRELOAD sanitization
- subinary: In systemless mode, ensure PATH contains /su/bin and /su/xbin
- supolicy: Ensure zero-on-alloc for new rules
- supolicy: Fix parsing allowxperm with multiple sources/targets in a single definition
- ZIP/Systemless: Give su.d 60 seconds to execute (from 4 seconds)
via XDA