Re: Security Issue ... was[What happens to ...]


  • Subject: Re: Security Issue ... was[What happens to ...]
  • From: Jonathan Hendry <email@hidden>
  • Date: Wed, 17 Oct 2001 14:54:28 -0500

On Wednesday, October 17, 2001, at 11:27 , John C. Randolph wrote:

On Wednesday, October 17, 2001, at 08:52 AM, James Bredijk wrote:

Cupertino, we have a problem!

While playing around with "NetInfo" as previously discussed, I found that I can do bad things while posing as "root" - such as launch "Keychain", and then delete root's keychains without entering root's password. This was the first test that I did, so I'm sure that this is just the tip of the iceberg.

I think the critical question is "Can this be done from a remote session?"

I doubt it. I suspect it's due to the fact that the menu itself
is owned and operated by an suid-root application. The code that
launches an application picked from the Recent Items menu must
run as the application that's running, which means running as
root for an suid root app.

Whoops.
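The situation described in this message, a setuid-root program launching another application that then runs as root, is normally avoided by permanently dropping privileges in the child before `exec`. The following is an added example, not part of the original message and not Apple's code; the function names `drop_to_real_user` and `launch_as_real_user` are hypothetical.

```c
/* Added illustration: launch a child from a setuid-root program as the real user. */
#include <errno.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently give up the setuid identity. Returns 0 on success, -1 on failure.
 * Assumes a setuid binary: exec of one changes only the effective/saved IDs,
 * so the supplementary groups already belong to the invoking user. */
int drop_to_real_user(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    /* Group first: once the uid is dropped we can no longer change the gid. */
    if (setgid(rgid) != 0) return -1;
    /* With euid 0, setuid() sets real, effective and saved uid together. */
    if (setuid(ruid) != 0) return -1;

    /* Verify the drop cannot be undone and that every ID is what we expect. */
    if (ruid != 0 && setuid(0) == 0) return -1;
    if (getuid() != ruid || geteuid() != ruid || getegid() != rgid) return -1;
    return 0;
}

/* Fork, drop privileges in the child, then exec. Returns the child's exit
 * status (126 = drop failed, 127 = exec failed) or -1 on error. */
int launch_as_real_user(const char *path, char *const argv[])
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (drop_to_real_user() != 0) _exit(126); /* never exec while privileged */
        execv(path, argv);
        _exit(127);
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char *argv[])
{
    if (argc < 2) return 2;              /* usage: launcher /path/to/app [args] */
    return launch_as_real_user(argv[1], &argv[1]);
}
```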

