maemo.org - Talk - [Bug] Critical Security Bug of MeeGo

maemo.org - Talk (https://talk.maemo.org/index.php)

- MeeGo / Harmattan (https://talk.maemo.org/forumdisplay.php?f=45)

- - [Bug] Critical Security Bug of MeeGo (https://talk.maemo.org/showthread.php?t=101088)

The Aegis Security system checks each executable's md5 when it is executed.But the referred md5(calculated when the executable first installed) is stored in an unsafe file.
/var/lib/aegis/refhashlist (or some path like this)
The file has a rw-rw-rw- permission which means any user could read and write it.
So,a malware executed by user(with lowest permission) could just write it to an empty file to break the Aegis and crash the MeeGo OS.
For example:
-----------
Don't try this on your phone!!!!
----------
I tried this on a newly flashed N9 device with a 3rd party terminal without developer mode.

I just simply run:
echo ''>>The path to the refhashlist file.

And

echo ''>>There is also a refhashlist.bak file.

If you do so,any executable with root permission won't run again.The device won't shutdown unless you force it by long-press the power button.

The device reports OS error and request fixing when you try to boot it after the force shutdown.

I'm afraid that this would be a critical safety problem for MeeGo.

By the way,is there a security problem with the OpenSSH Server installed by Developer Mode?