Is it possible to run `execve("/bin/sh", 0, 0)` in the Android renderer process?


18楼梦想改造家

Jun 27, 2024, 6:20:30 AM
to Chromium-dev
Hi, I am trying to understand the security mechanism in `android`.

I have already done 2 setup steps:

1. Pass `--no-sandbox` to Chrome, to disable the sandbox.
2. I disabled SELinux with `setenforce 0`.

Then I attach to the renderer process and use lldb to execute these expressions.
``` c++
(lldb)  expr (int)execve("/bin///sh", 0, 0)
(int) $0 = -1
(lldb)  expr (int)execve("/bin/sh", 0, 0)
(int) $1 = -1
```

It still fails. But I have already `disabled the sandbox and SELinux`... I don't understand what happened... Is it possible to run `execve("/bin/sh", 0, 0)` in the Android renderer process? Thanks.