Re: What happens to the AppKit Framework when an user logout ?
- Subject: Re: What happens to the AppKit Framework when an user logout ?
- From: Finlay Dobbie <email@hidden>
- Date: Wed, 17 Oct 2001 18:29:08 +0100
On Wednesday, October 17, 2001, at 05:08 pm, Julien Jalon wrote:
> NetInfo Manager is always launched as root, whoever you are! So
> whatever NetInfo Manager will do, it will be done as root, including
> launching Terminal. With this HUGE hole, you can launch whatever
> application you want as root.
>
> That's a big mistake of Apple developers and I don't understand why
> they did that because it's obvious that a setuid application is very
> weak
God, perhaps they should actually send some of their own developers to
their WWDC talks. At the Security overview or the Security:
Authorization talk, Michael Brouwer specifically said that YOU SHOULD
NOT RUN CARBON AND COCOA APPLICATIONS AS ROOT. :rolleyes:
-- Finlay