[Android-tools-devel] Bug#738128: android-tools-adb: adb server locks out subsequent users by using common unix-domain socket location without cleanup

殷啟聰 | Kai-Chung Yan seamlikok at gmail.com
Mon Nov 5 20:41:14 GMT 2018

ADB is now updated to Oreo release, and I just tested `start-server` regarding your report.

> "adb start-server" starts the adb service with a unix-domain socket by
> default (local:5037 maps to /tmp/5037).  This is potentially a risky
> process (e.g. like the symlink attack from the logfile mentioned in
> #688280). 

I don't see any mapped file created under `/tmp` any more. I believe this behavior is changed by now.

> In addition to being risky, adb does not clean up its unix-domain
> socket when it shuts down, but leaves the socket in place.

What I can confirm is that after I run `adb kill-server` the 5037 TCP port is no longer listened.

Can anyone else confirm on the problem again?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/android-tools-devel/attachments/20181106/81c8f3f9/attachment.sig>

More information about the Android-tools-devel mailing list