• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: What happens to the AppKit Framework when an user logout ?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: What happens to the AppKit Framework when an user logout ?

  • Subject: Re: What happens to the AppKit Framework when an user logout ?
  • From: Finlay Dobbie <email@hidden>
  • Date: Wed, 17 Oct 2001 18:29:08 +0100
On Wednesday, October 17, 2001, at 05:08 pm, Julien Jalon wrote:

NetInfo Manager is always launched as root, whoever you are! So whatever NetInfo Manager will do, it will be done as root, including launching Terminal. With this HUGE hole, you can launch whatever application you want as root.

That's a big mistake of Apple developers and I don't understand why they did that because it's obvious that a setuid application is very weak

God, perhaps they should actually send some of their own developers to their WWDC talks. At the Security overview or the Security: Authorization talk, Michael Brouwer specifically said that YOU SHOULD NOT RUN CARBON AND COCOA APPLICATIONS AS ROOT. :rolleyes:

-- Finlay

References: 
 >Re: What happens to the AppKit Framework when an user logout ? (From: Julien Jalon <email@hidden>)

  • Prev by Date: Re: What happens to the AppKit Framework when an user logout ?
  • Next by Date: nobody knows, or just can't be done?
  • Previous by thread: Re: What happens to the AppKit Framework when an user logout ?
  • Next by thread: Re: What happens to the AppKit Framework when an user logout ?
  • Index(es):
    • Date
    • Thread