February 8th, 2009

Rooting 2.6.25

Yes, I want to get root on my shiny new T-Mobile G1. I tried exploiting the dnotify hole that was fixed in only to find out that CONFIG_DNOTIFY is off in the G1 kernel. So I made sure that CONFIG_INOTIFY is on, and tried exploiting 6ee5a399d6a92a52646836a6e10faf255c16393e. It triggers very reliably... with SLAB debugging on. With debugging off, it took 2+ hours to reproduce on a PC. Given that I'd have to manually insert/remove the SD card for each try, that is not an option. I thought that rooting 2.6.25 would be easy, but it turns out it is a lot harder than I expected.

Perhaps some reader has his favourite, easy-to-exploit security hole he'd like to share? :-)

Ouch, and I now know that a horse can kick you when you are still on the ground, holding the reins. She hit my belly, and it hurt quite a lot. Fortunately she did not seem to do too much damage (but it took the doctors 2 hours to figure that out, and they had their "this is serious" looks). For some reason the kick seems to have increased gas production in the intestines...?