06-17-2015, 08:03 PM   #6
knc1
Quote:
Originally Posted by leroti
Can you point me to some threads discussing the technical picture post-5.6 update?

I have read a lot about how it is pretty hopeless, but haven't found the technical reasons behind this lament.

- - - -
Not really, there wasn't much discussion, just the presentation of the accomplishment.

The most details are to be found in the jail breaks themselves.
None of them are "binary without source", in fact, I don't think any of them have been "binaries".

The one jail break that targets the greatest number of devices and firmware versions ...
Ah, now there is an embarrassment to the "old hands" of the CS field (myself included - it put to shame my 50+ years in the field).

It used (uses) a system vulnerability well known to K&R (the developers of Unix - Linux is a "*nix-like" system) -
That was (is) the use of a "poison filename".
I'll save you looking at the jb code - - -
That is when a filename is carefully crafted in such a way that the system executes the filename as if it was a system command line.
Makes for a really funny looking filename, but that is what it was (is).

Why the shame attached?
Nobody (myself included) thought to try such a well known system vulnerability several years earlier in the history of Kindle jail breaking.
(Super Duh...)

- - - - - -

The difficulties since Lab126 fixed the above major "oops" in their implementation are all based in the ownership and permission system that is part of all *nix-like systems.

Short of a major brain-fart on the part of the implementers, it is pretty secure (except for the case when there is physical access to the system operator's console - which is why computer systems lived (still live) in physically secure rooms).

Amazon has built/shipped some kernels with SE-Linux - - but they have never used those features that I know of.

You will have to web-search that term for the gory details, but briefly ....
SE-Linux puts the standard ownership and permission system on super steroids -
It is what NSA (the developers) think *nix-like system security should be like.

- - - -

NSA: USA's National Security Agency - -
These people take the security and access control of their own computer systems **SERIOUSLY**.

And yes, they run Linux - just like your e-book reader does.