My scripting activities lead me to looking into which users can open
a sparsebundle created by another user. While doing this, I noticed
something I don't think I like.
I have two startup disks: 10.6.1 on my internal HD and 10.5.8 on an
external FW HD.
1. A standard user on the 10.5.8 external HD can read the Home
folder of any standard (but not admin) user on the 10.6.1 internal HD.
2. A standard user on the 10.6.1 internal HD can read the Home
folder of any user (including admin) on the 10.5.8 external drive.
Apparently, if I wanted to snoop, I could carry around an external
10.6.1 FW startup drive and see things you wouldn't want me to see.
Do you see a bug here?
No, because the way permissions on a volume are honored depends on the
way that volume is mounted by the OS or on the way a daemon (say,
AppleFileServer) takes those bits into consideration for sharing the
Those r/w bits associated to files and directories are just... bits,
and they don't preclude anyone having a physical access to the drive
from reading the drive's contents.
If one wants secure storage, the only way is to encrypt the data put
on that storage.
Do not post admin requests to the list. They will be ignored.
AppleScript-Users mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription: