Re: Security framework question
Re: Security framework question
- Subject: Re: Security framework question
- From: Brian Hill <email@hidden>
- Date: Wed, 11 Jul 2001 15:25:54 -0500
On Wednesday, July 11, 2001, at 02:51 PM, Scott Anguish wrote:
huh? Can you expand on this?
On Wednesday, July 11, 2001, at 10:45 AM, Eric Peyton wrote:
2) Setuid applications (especially Cocoa ones) are prone to easy
security holes.
Let me guess:
Cocoa applications used to have the option of being told to load extra
bundles on the command line when they're started. If that is still the
case, you could write a bundle to override various methods in the
application (via categories, for instance) and change the behavior of
the application. If that application was setuid, you could get it to do
basically anything you wanted to.
Is that it?
Brian
email@hidden
http://personalpages.tds.net/~brian_hill
___________________________________________________________
"Why? I came into this game for adventure - go anywhere, travel
light, get in, get out, wherever there's trouble, a man alone.
Now they've got the whole country sectioned off and you can't
move without a form. I'm the last of a breed."
-- Archibald "Harry" Tuttle, Rogue HVAC Repairman
___________________________________________________________