macnn

01/25/2008, 5:50pm, EST

Friday, January 25th

Tiger, Leopard flaw an "enhancement"?

Similar to the Office 2008-related permissions problem reported earlier today, Mac OS X 10.4 Tiger and 10.5 Leopard users may be susceptible to additional vulnerabilities. MacNN reader Robert Myers reports that when using a standard user account to copy software into the Applications folder, the authentication that takes place not only allows the software to be inserted into the folder (as it should) but also changes the owner of the application to the current user.

Myers says that this could compromise a user's system integrity, by allowing malicious users access to otherwise protected personal data. He has mentioned that attempting to fix permissions through the user interface yields no results, but rather that a lengthy line-level Terminal procedure is involved to correct the problem.

Apple has been notified of the matter, but has allegedly deemed the issue to be an "enhancement" to operational features.


20 comments
Reader Reactions
What?
0
01/25, 6:49pm, EST
Does anyone even know what this means? I understand permissions but come on... Do you really understand this well enough to say "Hey Fuck you Apple. You're doing it wrong" Not me.
Forum Regular
Joined Sep 2001
User is offline
peter753
0
01/25, 6:59pm, EST
Basically, permissions are in place to: 1. protect inexperienced users from themselves, and 2. to protect Mac OS X from unauthorized access.

Mr. Myers is implying that installing an application in this fashion could basically be a proverbial hole under the razor-wire fence should a malicious user attempt to access your system through an internet-aware application.
Fresh-Faced Recruit
Joined Nov 2007
User is offline
Social engineering
0
01/25, 8:11pm, EST
The user still has to authenticate, so unless the malicious user knew the admin password or could coerce an admin user into entering the password, he/she could not install the app.
Mac Enthusiast
Joined Sep 2001
User is offline
Disinformated again!
0
01/25, 8:32pm, EST
Not only would a regular user have to know an admin's password to copy into the Applications directory, the ownership & permissions CAN be changed easily through the user interface, AND the command-line is hardly "lengthy" -- sudo chown -R [admin] /Applications/[TargetAppDirectory]. Is MACNN so hard up for news they have to publish ill-informed "reports"? They themselves should have known this was incorrect!
Fresh-Faced Recruit
Joined Jan 2002
User is offline
Pointless
0
01/25, 8:33pm, EST
Said standard user would still need an admin username and password to put it in the Applications folder in the first place. If they've got that, they've got root power, and this whole thing is moot.

As to why it sets ownership to the user of the user who authenticated (and not the user they are authenticating as), well, that's just how sudo works. (The authentication box is a graphical representation of the sudo process.)
Fresh-Faced Recruit
Joined Oct 2003
User is offline
are they sure?
0
01/25, 8:47pm, EST
Regardless of the owner of the executable, the uid of the process will be that of the account that starts it, not of the program, so it will have no more rights than the account does. The exception being if the setuid bit is set, but that would be a really stupid thing to do for any application.

most of you don't get it
0
01/26, 3:12am, EST
User 'bob' copies Bla app to Applications folder. bob is asked for admin credentials, and Bla is copied.

Now Bla is actually a directory Bla.app and inside that directory is Contents/MacOS/bla - the binary executable.

And this bla executable is owned by bob.

So a bit of malware downloaded by bob that knows about Bla can replace it with something else without having to authenticate.

Now, switch Bla for Firefox or NetNewsWire, or something else that a lot of people use all the time and you see why it might be an issue.

Sure, the replaced bla is still run as Bob, but lots of damage can be done without authenticating, such as recording keystrokes, sending information to the 'net, wiping out your home directory, etc.

A big deal? Probably not. You could probably do more damage by putting up a bogus hint on macosxhints.com - so many sheep out there that blindly do as they're told.
Fresh-Faced Recruit
Joined Jun 2005
User is offline
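The condition described in the comment above (a bundle under /Applications whose contents are owned by a standard account) can be audited read-only from Terminal. This is an added example, not part of the original thread; the function name `bundles_owned_by` is hypothetical and it relies only on POSIX `find`.

```shell
#!/bin/sh
# Added example: list .app bundles that contain at least one item owned by
# the given account. Such items can be rewritten by any process running as
# that account, with no authentication prompt. Read-only: nothing is changed.
#
# Usage: bundles_owned_by <user-name-or-uid> [dir]   (dir defaults to /Applications)
#   e.g. bundles_owned_by bob
bundles_owned_by() {
    owner=$1
    root=${2:-/Applications}

    # -prune stops descent at each top-level bundle, so helper apps nested
    # inside a bundle are not reported a second time.
    find "$root" -name '*.app' -type d -prune -print 2>/dev/null |
    while IFS= read -r bundle; do
        # First item inside the bundle owned by $owner, if any. This covers
        # the bundle directory itself and Contents/MacOS/<binary>.
        hit=$(find "$bundle" -user "$owner" -print 2>/dev/null | head -n 1)
        if [ -n "$hit" ]; then
            printf '%s\n' "$bundle"
        fi
    done
}
```

Any bundle it prints for a standard account is a candidate for the `sudo chown -R` correction quoted earlier in the thread.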
Got it in 1 Adrian
0
01/26, 9:51am, EST
Adrian, you are exactly right.

These flaws, in and of themselves, are relatively minor. They are, however, a foothold into the compromise of the system. Either other downloaded malware, or just a flaw in something else that lets you overwrite arbitrary files.

These issues raise a couple of concerns.

1) These are rookie mistakes in Finder, much like the "delete file even if copy unsuccessful" bug that was recently found. What else lurks in Finder and other Apple provided apps?

2) Apple tried to downplay it. Their record with security is, quite frankly, abysmal. See all the repeated issues with QuickTime (Windows and Mac), as well as the flaw that remained in Apple's Java distribution many months after Sun fixed it. Frequent and loud noise is the only thing that will change them.
Fresh-Faced Recruit
Joined Jan 2008
User is offline
Their record
0
01/26, 10:36am, EST
"Their record with security is, quite frankly, abysmal."

Users' experience with the platform's security is quite the opposite. More FUD peddling as usual. Humbug.
Fresh-Faced Recruit
Joined Oct 2005
User is offline
Hmm..
0
01/26, 11:01am, EST
Personally, I don't (and don't see why a user should be) installing apps in /Applications. All the apps I download go in ~/Applications instead. If I can't install an app to there, unless I *know* it's a valid app, I don't install it. Apps which insist on being installed in /Applications I'm generally very suspicious of.

Jon

Fresh-Faced Recruit
Joined Nov 2003
User is offline