
I am trying to execute this code

    Process process = new ProcessBuilder().command("mount").start();
    process.waitFor();

to find out the SD card location and then check whether it is managed by vold and whether the file system is vfat.

My question is whether this code can in any way be compromised and become a candidate for command injection on Android.

A couple of points from my side.

It's not user input, so there will be no command injection in that case. Can the whole Android OS environment be changed such that the mount command can be misused?

cheers, Saurav


OK... Currently I am reading /proc/mounts instead of running the mount command.

Is this a good way to do it?

References for this solution: http://renzhi.ca/2012/02/03/how-to-list-all-sd-cards-on-android/ and "How can I get the list of mounted external storage of android device".

Code below:

    // Read the kernel's mount table directly instead of spawning "mount"
    BufferedReader reader = new BufferedReader(new FileReader("/proc/mounts"));
    String line;
    while ((line = reader.readLine()) != null) {
        // Log each line of /proc/mounts
        logger.debug("   {}", line);

        // Only vold-managed block devices are candidates for the SD card
        if (line.startsWith("/dev/block/vold/")) {
            // ... inspect the mount point and file system type here
        }
    }
    reader.close();

Can anyone please confirm whether this is the correct way to do it and whether it is free of any security issues?

cheers, Saurav

    This is an inferior approach anyway; you should simply read /proc/mounts as a text file, and avoid spawning a child process - something it is generally best to avoid as it's a fairly heavyweight operation and generally a poor fit with Android's process management and overall design philosophy. – Chris Stratton Feb 14 '14 at 23:38
  • Thanks Chris for the reply. Is this one the best solution http://stackoverflow.com/questions/9340332/how-can-i-get-the-list-of-mounted-external-storage-of-android-device/19982338#19982338 ? – saurav Feb 17 '14 at 05:16
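The in-process approach recommended in the comments, written out as an added example (this is not code from the question, the answer, or the linked posts). It parses /proc/mounts the way the kernel writes it (device, mount point, file system type, options, then two numeric fields, with spaces in paths octal-escaped as \040) and returns the mount points that are both vold-managed and vfat. Because nothing is exec'd, there is no PATH lookup and therefore no dependence on which mount binary the device happens to ship. The sample table below is constructed for the example, not captured from a real device; the class and method names are mine.

```java
import java.io.BufferedReader;
import java.io.FileReader;
import java.io.IOException;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;

public class VoldMounts {

    /** One parsed line of /proc/mounts. */
    public static final class MountEntry {
        public final String device;
        public final String mountPoint;
        public final String fsType;
        public final String options;

        MountEntry(String device, String mountPoint, String fsType, String options) {
            this.device = device;
            this.mountPoint = mountPoint;
            this.fsType = fsType;
            this.options = options;
        }

        /** vold exposes the volumes it manages under /dev/block/vold/. */
        public boolean isVoldManaged() {
            return device.startsWith("/dev/block/vold/");
        }

        public boolean isVfat() {
            return fsType.equals("vfat");
        }
    }

    /** /proc/mounts escapes space, tab, newline and backslash as \040, \011, \012 and \134. */
    static String unescape(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c == '\\' && i + 3 < s.length()) {
                try {
                    sb.append((char) Integer.parseInt(s.substring(i + 1, i + 4), 8));
                    i += 3;
                    continue;
                } catch (NumberFormatException e) {
                    // not an octal escape; keep the backslash literally
                }
            }
            sb.append(c);
        }
        return sb.toString();
    }

    /** Returns null for lines that do not have the four leading fields. */
    static MountEntry parseLine(String line) {
        String[] f = line.trim().split("\\s+");
        if (f.length < 4) {
            return null;
        }
        return new MountEntry(unescape(f[0]), unescape(f[1]), f[2], f[3]);
    }

    public static List<MountEntry> parse(BufferedReader reader) throws IOException {
        List<MountEntry> entries = new ArrayList<>();
        String line;
        while ((line = reader.readLine()) != null) {
            MountEntry e = parseLine(line);
            if (e != null) {
                entries.add(e);
            }
        }
        return entries;
    }

    /** Mount points of volumes that are managed by vold and formatted as vfat. */
    public static List<String> findVoldVfatMountPoints(BufferedReader reader) throws IOException {
        List<String> result = new ArrayList<>();
        for (MountEntry e : parse(reader)) {
            if (e.isVoldManaged() && e.isVfat()) {
                result.add(e.mountPoint);
            }
        }
        return result;
    }

    // Constructed sample table for offline use; the shape follows the /proc/mounts format.
    static final String SAMPLE =
        "rootfs / rootfs ro,relatime 0 0\n" +
        "/dev/block/mmcblk0p3 /system ext4 ro,relatime 0 0\n" +
        "/dev/block/vold/179:33 /mnt/sdcard vfat rw,dirsync,nosuid,nodev,noexec,relatime 0 0\n" +
        "/dev/block/vold/179:65 /mnt/extSdCard vfat rw,nosuid,nodev,noexec 0 0\n" +
        "/dev/block/vold/8:1 /mnt/usb\\040stick vfat rw 0 0\n"; // space escaped as \040

    public static void main(String[] args) throws IOException {
        // Offline run over the constructed sample: [/mnt/sdcard, /mnt/extSdCard, /mnt/usb stick]
        System.out.println(findVoldVfatMountPoints(new BufferedReader(new StringReader(SAMPLE))));

        // On a device: try-with-resources closes the descriptor even if reading fails
        try (BufferedReader r = new BufferedReader(new FileReader("/proc/mounts"))) {
            System.out.println(findVoldVfatMountPoints(r));
        } catch (IOException e) {
            System.err.println("Could not read /proc/mounts: " + e.getMessage());
        }
    }
}
```

A prefix check on the device column alone is not enough to decide the file system, which is why the example reads the third field rather than searching the raw line for "vfat"; a mount point or option string could contain that substring too.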

1 Answer

As you said, as long as you don't have any user input, you're safe from this kind of injection.

The only case where you could be in trouble is if the mount binary has been replaced by some malicious binary. To encounter this situation, the user must have rooted the device and replaced the OS with a custom ROM.

I think you can assume that the mount command should run properly.

  • Thanks synapticvoid for the response. In that case, can I somehow prevent that or provide the actual path to the mount binary? – saurav Feb 14 '14 at 14:12
  • Nope, you can't prevent it; it depends completely on the user. Providing the complete path is risky: some devices can have it in /system/xbin or /system/bin or even /system/sbin. You can only assume that the binary is present and working properly! – synapticvoid Feb 16 '14 at 14:03
  • That's not true. You can explicitly specify a path, though you have to make sure it is there. That could be accomplished by supplying your own. But then doing so is rather pointless when there is no reason to run an external command to begin with - the same operations which the query form of the mount command performs can be performed from within the application process. – Chris Stratton Feb 17 '14 at 05:30
  • I never said it's impossible to provide the path; I simply pointed out the fact that it is risky because the binary might not be there. It depends on the device manufacturer! – synapticvoid Feb 17 '14 at 07:55