My Local Notes to Myself and Others...

Computers/Music/Books/Rants

iPhone runs everything as root?

This might be somewhat old but it still strikes me as odd. It seems that every process
on the iPhone runs as root, which basically means that if one process is breached it will
have full access to the whole system.

Looking at this situation, either you are confident that your software has no security
flaws, and thus believe you have nothing to worry about, or you have made a mistake.

A process/user should not run with higher privileges than the ones it really needs. Even
administrators should be limited: if they need to use their admin privileges, it should be
done in a controlled environment, both technically and mentally (be afraid...very afraid...ok,
not afraid, but aware of the fact that you can wipe out your company's information).

For additional information, take a look at the following post on the Metasploit blog and the
following message on the Neohapsis Archives (Full Disclosure).

Published Wednesday, October 03, 2007 9:23 AM by Erik Rozman

Comments

# re: iPhone runs everything as root?@ Wednesday, October 03, 2007 2:28 PM

That doesn't sound like a problem when you consider that Apple sees the device as a closed platform.

All the hacks that allow you to install more stuff are, well, hacks...

# re: iPhone runs everything as root?@ Wednesday, October 03, 2007 8:43 PM

Thanks for the comment. Personally, I want my devices and software to have a low attack surface, or in other words to be hack proof to some extent.

In this case, it seems that the system has a relatively big attack surface: any process (once hacked) provides full access to the system.

Considering this is a phone, the notion is disturbing. For the sake of the argument, consider an option of the calculator application having a security vulnerability: it will allow a potential hacker/malicious user to do anything on your phone (which ranges from destroying it to listening to your conversations or stealing your data...).

Now if the calculator would run with a relatively limited account, the worst that could happen would be damage to the calculator...

# re: iPhone runs everything as root?@ Thursday, October 04, 2007 2:01 AM

You are probably right

but my Windows Mobile phone behaves exactly the same - and unlike the iPhone it is defined as an open platform and not a closed appliance. I don't think it is different in Symbian phones (but I haven't verified it)

# re: iPhone runs everything as root?@ Friday, October 05, 2007 3:47 PM

arnonrgo: nowadays there's no such thing called 'closed platform'. You're connected to the net.

Even browsing the web is dangerous: malicious html/js/flash/activex controls can use your browser's credentials to do evil stuff.

by Oren
