• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Cocoa can be used to execute arbitrary (privileged) code !
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Cocoa can be used to execute arbitrary (privileged) code !

  • Subject: Re: Cocoa can be used to execute arbitrary (privileged) code !
  • From: Jean-Daniel Dupas <email@hidden>
  • Date: Thu, 19 Jun 2008 23:13:18 +0200
That's why you should basically never link on high-level framework with a setuid tools.


Le 19 juin 08 à 20:48, Charles Steinman a écrit :

This is in fact a Cocoa vulnerability, so it seems relevant to this list. All Cocoa applications automagically come with rudimentary AppleScript support (including "do shell script"), so any Cocoa app that runs with suid is a security risk unless you short circuit the Foundation scripting support.

Cheers,
Chuck


--- On Thu, 6/19/08, Jerry LeVan <email@hidden> wrote:

From: Jerry LeVan <email@hidden>
Subject: Cocoa can be used to execute arbitrary (privileged) code !
To: "cocoa-Dev Dev" <email@hidden>
Date: Thursday, June 19, 2008, 7:22 AM
Last night while browsing Slashdot I found this:

http://it.slashdot.org/it/08/06/18/1919224.shtml

It gives a simple command that can be used to
basically execute code as root.

osascript -e 'tell app "ARDAgent" to do shell
script "whoami"'

The above will print "root" and replacing
"whoami" will other
commands will cause the commands to be executed as root.

Looks like a job for NSTask...

This is certainly easier than using the Authentication
protocols :)

The "root" problem is that the ARDAgent
executable is
suid'ed to root!

I was surprised than none of the common mac sites has
picked up on this...


Jerry
_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to
the list.
Contact the moderators at
cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden




_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
References: 
 >Re: Cocoa can be used to execute arbitrary (privileged) code ! (From: Charles Steinman <email@hidden>)

  • Prev by Date: Re: Time Machine Helpers
  • Next by Date: Re: Problems with a Layer backed NSView in a NSScrollView
  • Previous by thread: Re: Cocoa can be used to execute arbitrary (privileged) code !
  • Next by thread: Re: Cocoa can be used to execute arbitrary (privileged) code !
  • Index(es):
    • Date
    • Thread