Exclusive Deal While supplies last, save 40% off over 40 iPhone 5 and iPhone 4/4S cases and chargers as well as Samsung S III cases at Kensington.com. Use coupon code 'SAVE40%' at checkout to receive this exclusive discount.      
toggle

AAPL Stock: 445.15 ( + 3.01 )

http://www.macnn.com/articles/01/10/23/appleshare.security/

AppleShare security hole gives folder access

updated 10:15 am EDT, Tue October 23, 2001

 
", 0, 0);


Martin Ler, editor of the Czech Mac Magazine, writes about another OS X-related security hole (which has yet to be confirmed) that gives access to home folders via AppleShare:

"If you are Admin user on some machine (so you are NOT a root, which have access everywhere), you are not able to surf through home folders of another users. But when you will connect to the same computer through AppleShare (even on the same computer), with your name and passwd, you will got access to the disk and public folders of users and when you will mount disk, where users folders are, you can freele surf through and copy anythink and make any changes. Of course, you can do this through network too. For normal users (not admins) are accessible just public folders, so they can't access anything more, than they realy can. This security problem is just afecting users home folders, not System folder, so it's not possible to render system unusable."


by MacNN Staff

Post tools:

TAGS :

 troubleshooting

Related Articles

Recent Articles

toggle

Comments

  1. Joined:

    0
    10/23, 11:12am | report spam | Reply | delete

    duh!

    Operative thing is that you have to have an ADMIN account and you have to have File sharing activated on the target machine.

    Though use of sudo, the Admin user has access to the entire machine anyway so this is...uh...a non-issue.

  1. \0

    Joined:

    0
    10/23, 11:26am | report spam | Reply | delete

    Admin == root

    If you're logged in as Admin, unless the sudoers file was modified, you can get root and then go look at anything anyway. Pretty much, as far as security is concerned, an admin account is root.

  1. goedtkindt

    Fresh-Faced Recruit

    Joined: Sep 2001

    0
    10/23, 11:27am | report spam | Reply |

    can confirm

    I can confirm this, but it should be corrected:
    as an administrator you can indeed su or sudo, but before doing this you think twice...
    with this gap open, you might trash files you think they belong to you and trash someone elses files by mistake.

  1. goedtkindt

    Fresh-Faced Recruit

    Joined: Sep 2001

    0
    10/23, 11:29am | report spam | Reply |

    can confirm

    I can confirm this, but it should be corrected:
    as an administrator you can indeed su or sudo, but before doing this you think twice...
    with this gap open, you might trash files you think they belong to you and trash someone elses files by mistake.

  1. Joined:

    0
    10/23, 03:51pm | report spam | Reply | delete

    RE: can confirm

    I should think that's obvious to anyone who has shared a computer - don't just throw away files because you can!

  1. strobe

    Dedicated MacNNer

    Joined: Oct 1999

    0
    10/23, 04:27pm | report spam | Reply |

    jeez

    This has already been addressed by Apple. This is NOT, I repeat NOT a security hole!

Login Here

Not a member of the MacNN forums? Register now for free.

 
close
Photo
toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

MaxUpgrades MaxConnect for 2006-2008 Mac Pro

Nobody outside of Cupertino's privileged bunch knows the future of the Mac Pro line for sure. Despite Apple's reluctance to tell us wh ...

Brother HL-3170CDW LED Printer

We've mentioned before that we are far from a paperless society. For now, at least, there are tasks that require a piece of paper for ...

HTC One

It is hard to overstate just how critically important the HTC One is to the Taiwanese company’s fortunes. Despite its alarming decline ...

toggle

Most Commented

 

Popular News