View Single Post
Old 10-04-2010, 04:56 PM   #9
bmf
Member
bmf began at the beginning.
 
Posts: 13
Karma: 10
Join Date: Oct 2010
Device: Kindle 3
Ok - so if it's not signed how come just dropping it into the root directory and clicking update is accepted? Did they just not put any security checks on the update functionality? Or is it that an update run from this directory is only applied to a filesystem and the tar symlink breaks out to root?

Is it really just a case of marking the files as executable sees them run with access all areas?

Hope you don't mind me asking I'm just curious about this because, well - it's interesting :-)
bmf is offline   Reply With Quote