
OpenHarmony / device_hihope

The /system/bin/display-hotplug.sh script is built into the release version; suspected backdoor, should be removed

Done
Security issue
Opened this issue 2021-12-25 17:47

Vulnerability ID:
Affected component:
Affected version:
CVSS V3.0 score:
Attack Vector Local
Attack Complexity Low
Privileges Required None
User Interaction Not required
Scope Unchanged
Confidentiality Impact High
Integrity Impact High
Availability Impact High
Base Score 8.4

Vulnerability summary: the /system/bin/display-hotplug.sh script is built into the release version; suspected backdoor
echo off > /sys/class/drm/card0-eDP-1/status
echo off > /sys/class/drm/card0-HDMI-A-1/status
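The script's executable permission is lower than the read/write permissions of the two files above, so there is a permission bypass problem
Impact analysis: a release version should not contain debug scripts; this has already been questioned
Root cause analysis:
Affected versions:
Workaround or mitigation: please delete it. Debug files should be pushed manually after the build for debugging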

Comments (0)

wangluofan created security issue
jiyong set assignee to qtpl456
jiyong set priority to P4
qtpl456 through openharmony/device_hihope Pull Request !63 changed issue state from To do to Done
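A release-image check for the condition this issue reports, as an added example that is not part of the issue or the OpenHarmony tree: it flags shell scripts under `system/bin` of a staged image that redirect output into `/sys` nodes. The function names and the constructed demo tree are assumptions, and only `>`/`>>` redirections are detected.

```shell
#!/bin/sh
# Added example (not from the OpenHarmony tree): release-image gate.

# Print "script<TAB>sysfs-node" for every shell script under <root>/system/bin
# that redirects output into /sys; return 1 if any such script is present.
audit_sysfs_writers() {
    root=$1
    found=0
    for f in "$root"/system/bin/*; do
        [ -f "$f" ] || continue
        # A file counts as a script if it is named *.sh or starts with "#!".
        case $f in
            *.sh) ;;
            *) head -c 2 "$f" | grep -q '^#!' || continue ;;
        esac
        # Skip comment lines, then extract the target of each > or >> into /sys/.
        targets=$(sed -n '/^[[:space:]]*#/d; s#.*>>*[[:space:]]*\(/sys/[^[:space:];|&]*\).*#\1#p' "$f")
        [ -n "$targets" ] || continue
        found=1
        rel=${f#"$root"/}
        for t in $targets; do
            printf '%s\t%s\n' "$rel" "$t"
        done
    done
    [ "$found" -eq 0 ]
}

# Constructed sample image: the script from the report plus a harmless one.
make_demo_image() {
    d=$(mktemp -d)
    mkdir -p "$d/system/bin"
    printf '%s\n' '#!/bin/sh' \
        'echo off > /sys/class/drm/card0-eDP-1/status' \
        'echo off > /sys/class/drm/card0-HDMI-A-1/status' \
        > "$d/system/bin/display-hotplug.sh"
    printf '%s\n' '#!/bin/sh' 'echo hello > /tmp/out' > "$d/system/bin/hello"
    echo "$d"
}

demo=$(make_demo_image)
audit_sysfs_writers "$demo" || echo "release gate: FAIL (sysfs-writing script in image)"
rm -rf "$demo"
```

Run against the staged image directory before packaging, a non-zero return blocks the build until the listed scripts are removed.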