Linked by David Adams on Sun 9th Nov 2008 16:50 UTC, submitted by Hakime
Bugs & Viruses There's a bug in Android that crosses over from the realm of serious into self-parody: "It turns out the bug in Android I wrote about yesterday was worse than we thought. When the phone booted it started up a command shell as root and sent every keystroke you ever typed on the keyboard from then on to that shell. Thus every word you typed, in addition to going to the foreground application would be silently and invisibly interpreted as a command and executed with superuser privileges. Wow!"
Thread beginning with comment 336742
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: Not an Android issue
by mjg59 on Sun 9th Nov 2008 20:55 UTC in reply to "RE: Not an Android issue"
Member since:

It's nothing to do with the kernel, other than the kernel working as designed. Input event devices are multiplexed through /dev/console and passed to the foreground virtual terminal. If you've launched a graphical environment in that terminal then the keyboard events will be passed back to it. If you also happen to be running a shell underneath that terminal, then bad things are obviously going to happen. The easy workaround is not to run a shell on that terminal. The correct one (which then works independent of the shell) is to put the console in KD_RAW mode, which prevents the passthrough of events. We hit the same issue in X during the migration from the old kbd driver to the new evdev one.

Reply Parent Score: 2