Bug In Android Passes Keystrokes To Root Shell

pasokon writes "ZDNet reports on an Android bug in T-Mobile G1s with early versions of the firmware: 'When the phone booted it started up a command shell as root and sent every keystroke you ever typed on the keyboard from then on to that shell. Thus every word you typed, in addition to going to the foreground application would be silently and invisibly interpreted as a command and executed with superuser privileges. ... open the keyboard tray on your G1, ignore anything you see on the screen, and type these 8 keystrokes: (enter)-r-e-b-o-o-t-(enter). Poof, your phone will reboot.'"

Open source, remember? fix already out

[dnwq]

From TFA:

If you see anything later than RC29 then you already have the fix.

Because Android is open source, the problem was quickly tracked down by users to a couple lines in the system file init.rc. My guess is that this was accidentally left in during device debugging.

Degradation

[Ashcrow]

This coming from Google? That surprises (and scares) me. I don't know how something like that would get through a QA process unless the QA process was rushed ... oh no, please don't become like almost every other software company out there Google! :-/

Re:False

[cicatrix1]

Update: oops. it's real!

I restarted my phone manually, and tried this on a fresh boot. My phone did immediately restart. Yikes.

Re:This is simply mind-boggling.

[Otto]

Read this:
http://android.jim.sh/index.php/ConsoleShell [android.jim.sh]

Looks like debugging code left behind...

Re:This is simply mind-boggling.

[tyler_larson]

Verified this still works on the latest OTA update, RC29.

Re:This is simply mind-boggling.

[tyler_larson]

If you want to keep from fubar-ing your G1 by typing in the wrong stuff accidentally, just type "cat [enter]" first thing when you power on the device, and it will be defused from then on. All input will be harmlessly filed away to stdout.

Re:Degradation

[Champion3]

Well, they do ship almost everything as "beta"...

Re:This is simply mind-boggling.

[RzUpAnmsCwrds]

The latest OTA update is RC30, which patches the issue (I confirmed this on my G1).

Re:This is simply mind-boggling.

[tyler_larson]

You mean defused until you type Control-z, Control-d or Control-c, right?

Nope. I really do mean from then on. Read the various write-ups to understand why.

And for bonus points, see if you can find your phone's "control" key.

Re:Nah it'll never work

[smoker2]

How is that relevant ?
I have linux installed on a compact flash card, and it sees itself as residing on hda because it is connected via adapter to an ide socket. It might be seen as sda if it were connected to a SATA connection.
No physical ide (or SATA) drive needed. There might easily be interface emulation to ease the porting of the OS to solid state devices.