Re: Security Issue ... was[What happens to ...]
- Subject: Re: Security Issue ... was[What happens to ...]
- From: Jonathan Hendry <email@hidden>
- Date: Wed, 17 Oct 2001 14:54:28 -0500
On Wednesday, October 17, 2001, at 11:27, John C. Randolph wrote:
On Wednesday, October 17, 2001, at 08:52 AM, James Bredijk wrote:
Cupertino, we have a problem!
While playing around with "NetInfo" as previously discussed, I found
that I can do bad things while posing as "root" - such as launch
"Keychain", and then delete root's keychains without entering root's
password. This was the first test that I did, so I'm sure that this is
just the tip of the iceberg.
I think the critical question is "Can this be done from a remote session?"
I doubt it. I suspect it's due to the fact that the menu itself
is owned and operated by an suid-root application. The code that
launches an application picked from the Recent Items menu must
run as the application that's running, which means running as
root for an suid root app.
Whoops.
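
Added example, not part of the original message and not Apple's code: one way a set-uid-root program can launch a user-chosen application without handing it root, which is the failure suspected above. It assumes the set-uid case described in the message (real uid is the logged-in user, effective uid is root); the function names `drop_privileges` and `launch_as_user` are hypothetical.

```c
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently give up set-uid/set-gid privilege: afterwards the process
 * runs as the invoking (real) user. Returns 0 on success, -1 if any step
 * fails or the result cannot be verified.
 * Assumption: the program is set-uid root, so supplementary groups are
 * already the invoking user's and only gid/uid need resetting. */
int drop_privileges(void)
{
    uid_t ruid = getuid();   /* who actually started the program */
    gid_t rgid = getgid();

    /* Order matters: gid first, because once the uid is dropped the
     * process no longer has the right to change its gid. */
    if (setgid(rgid) != 0) return -1;
    /* With euid 0, setuid() resets real, effective and saved uid. */
    if (setuid(ruid) != 0) return -1;

    /* Verify instead of trusting return codes: a non-root user must not
     * be able to get root back, and the effective ids must match. */
    if (ruid != 0 && setuid(0) == 0) return -1;
    if (geteuid() != ruid || getegid() != rgid) return -1;
    return 0;
}

/* Launch a user-selected program (e.g. a "Recent Items" entry) as the
 * invoking user. Returns the child's exit status, or -1 on failure. */
int launch_as_user(const char *path, char *const argv[])
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* Child: refuse to exec at all if privileges could not be dropped. */
        if (drop_privileges() != 0) _exit(126);
        execv(path, argv);
        _exit(127);          /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

The child still inherits the parent's environment and open file descriptors, which a set-uid launcher would also need to sanitize before `execv`.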