toggle

AAPL Stock: 108 ( + 1.02 )

Printed from http://www.macnn.com

Tiger, Leopard flaw an "enhancement"?

updated 05:50 pm EST, Fri January 25, 2008

Tiger, Leopard flaw

Similar to the Office 2008-related permissions problem reported earlier today, Mac OS X 10.4 Tiger and 10.5 Leopard users may be susceptible to additional vulnerabilities. MacNN reader Robert Myers reports that when using a standard user account to copy software in to the Applications folder, the authentication that takes place not only allows the software to be inserted in to the folder (as it should) but also changes the owner of the application to the current user.

Myers says that this could compromise a user's system integrity, by allowing malicious users access to otherwise protected personal data. He has mentioned that attempting to fix permissions through the user interface yields no results, but rather that a lengthy line-level Terminal procedure is involved to correct the problem.

Apple has been notified of the matter, but has allegedly deemed the issue to be an "enhancement" to operational features.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. Peter753

    Joined: Dec 1969

    0

    What?

    Does anyone even know what this means? I understand permissions but come on... Do you really understand this well enough to say "Hey f*** you Apple. You're doing it wrong" Not me.

  1. Galen Wood

    Joined: Dec 1969

    0

    peter753

    Basically, permissions are in place to: 1. protect inexperienced users from themselves, and 2. to protect Mac OS X from unauthorized access.

    Mr. Meyers is implying that by installing an application in this fashion could basically be a proverbial hole under the razor-wire fence should a malicious user attempt to access your system through an internet-aware application.

  1. TheBum

    Joined: Dec 1969

    0

    Social engineering

    The user still has to authenticate, so unless the malicious user knew the admin password or could coerce an admin user into entering the password, he/she could not install the app.

  1. geedubya

    Joined: Dec 1969

    0

    Disinformated again!

    Not only would a regular user have to know an admin's password to copy into the Applications directory, the ownership & permissions CAN be changed easily through the user interface, AND the command-line is hardly "lengthy" -- sudo chown -R [admin] /Applications/[TargetAppDirectory]. Is MACNN so hard up for news they have to publish ill-informed "reports"? They themselves should have known this was incorrect!

  1. leamanc

    Joined: Dec 1969

    0

    Pointless

    Said standard user would still need an admin username and password to put it in the Applications folder in the first place. If they've got that, they've got root power, and this whole thing is moot.

    As to why it sets ownership to the user of the user who authenticated (and not the user they are authenticating as), well, that's just how sudo works. (The authentication box is a graphical representation of the sudo process.)

  1. Guest

    Joined: Dec 1969

    0

    are they sure?

    Regardless of the owner of the executable, the uid of the process will be that of the account that starts it, not of the program, so it will have no more rights then the account does. The exception being if the setuid bit is set, but that would be a really stupid thing to do for any application.

  1. adrian_milliner

    Joined: Dec 1969

    0

    most of you don't get it

    User 'bob' copies Bla app to Applications folder. bob is asked for admin credentials, and Bla is copied.

    Now Bla is actually a directory Bla.app and inside that directory is Contents/MacOS/bla - the binary executable.

    And this bla executable is owned by bob.

    So a bit of malware downloaded by bob that knows about Bla can replace it with something else without having to authenticate.

    Now, switch Bla for Firefox or NetNewsWire, or something else that a lot of people use all the time and you see why it might be an issue.

    Sure, the replaced bla is still run as Bob, but lots damage can be done without authenticating, such as recording keystrokes, sending information to the 'net, wiping out your home directory, etc.

    A big deal? Probably not. You could probably do more damage by putting up a bogus hint on macosxhints.com - so many sheep out that there that blindly do as they're told.

  1. robert_myers

    Joined: Dec 1969

    0

    Got it in 1 Adrian

    Adrian, you are exactly right.

    These flaws, in and of themselves, are relatively minor. They are however, a foothold into the compromise of the system. Either other downloaded malware, or just a flaw in something else that lets you overwrite arbitrary files.

    These issues raise a couple of concerns.

    1) These are rookie mistakes in Finder, much like the "delete file even if copy unsuccessful" bug that was recently found . What else lurks in Finder and other Apple provided apps?

    2) Apple tried to downplay it. Their record with security is, quite frankly, abysmal. See all the repeated issues with Quicktime (Windows and Mac), as well as the flaw that remained in Apple's Java distribution many months after Sun fixed it. Frequent and loud noise is the only thing that will change them

  1. awggondzur

    Joined: Dec 1969

    0

    Their record

    "Their record with security is, quite frankly, abysmal."

    Users' experience with the platform's security is quite the opposite. More FUD peddling as usual. Humbug.

  1. jonbwfc1

    Joined: Dec 1969

    0

    Hmm..

    personally, I don't (and don't see why a user should be) installing apps in /Applications. All the apps I download go in ~/Applications instead. If I can't install an app to there, unless I *know* it's a valid app, I don't install it. Apps which insist on being installed in /Applications I'm generally very suspicious of.

    Jon

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Tablo DVR

With over-the-top content options growing past Hulu and Netflix, consumers may be finding it harder to justify paying a monthly fee fo ...

Sound Blaster Roar Bluetooth speaker

There could very well be a new king of the hill for Bluetooth speakers, with Sound Blaster's recent entry into the marketplace. Bring ...

Kenu Airframe Plus

Simple, stylish and effective, the Kenu Airframe + portable car mount is the latest addition to Kenu's lineup. Released earlier this ...

toggle

Most Commented