Re: big hole in Terminal?
- Subject: Re: big hole in Terminal?
- From: Dee Dee <email@hidden>
- Date: Tue, 21 Apr 2015 00:30:58 -0400
Thank you all.
So here is my question: how was/is my teenager able to just open a terminal window, type in the xattr -d command and drop a file onto it, without requiring the root password?
(She has boasted on many occasions that she knows how to hack into stuff. As a mom, I try to not allow the BIG RED FLAG to become visible. On the other hand, she is a good kid (how many clueless parents say that?!), so I don’t want to discourage her honesty. But I don’t want to be naive or over-suspicious either. Basically, she can assist me by way of her honest innocence, or she can scam me by playing the honest innocent evil genius.)
I don’t want to make the mistake of suspecting the innocent.
But I do want to be savvy enough to be aware of potential problems.
Dee Dee
On Apr 21, 2015, at 12:10 AM, Jon Pugh <email@hidden> wrote:
> On Apr 20, 2015, at 8:40 PM, pscott wrote:
>> If you have access to the file, xattr will do its thing, just like any other command against the file.
>>
>> Perhaps the problem is when the file is quarantined, its owner and permissions are not set accordingly, so you still have access to it.
>
> Problem is, you *need* the permissions in order to turn off the bit when you approve of it, which is what happens when the system puts up the “Are you sure?” dialog.
>
> Basically xattr works when it’s allowed to, just like all the other tools. While the quarantine bit is useful, it’s not a failsafe. Nothing is. In order to do useful stuff, you have to allow the software to do useful stuff, and changing file content and permissions is allowed.
>
> Permissions aren’t stopping you from doing secure things, they’re stopping you from messing with other people’s files. Permission elevators like sudo merely allow you to muck with other people’s stuff, which is what the system is. You always get to muck with your own stuff. You’ll need sudo to use xattr on system or other people’s (like root or system) files, just like expected.
>
> Jon
>
AppleScript-Users mailing list (email@hidden)
Archives: http://lists.apple.com/archives/applescript-users