Re: Problem with the privileges of the KEXT package...
- Subject: Re: Problem with the privileges of the KEXT package...
- From: Stéphane Sudre <email@hidden>
- Date: Wed, 29 May 2002 18:43:05 +0200
On Wednesday, May 29, 2002, at 06:05 PM, Dean Reece wrote:

>> 2) I do agree with the fact that owner/group must be root/wheel for
>> items inside /System but I do not agree that it should be the case
>> when they are in /Library.
>
> The ownership requirement is necessary regardless of location for
> security reasons. A KEXT contains a binary that is loaded into the
> kernel and executed. If that binary can be written by non-admin users,
> then it can become a vehicle for all sorts of nasty attacks. For the
> purposes of security, a KEXT must be thought of as a setuid binary and
> treated as such.

This is why I don't understand why rwxrwxr-x root/admin is considered
incorrect:

- with this setting, the binary can't be written by non-admin users.
- if a user is in admin but not wheel, then he can create a Startup Item
which will be launched at boot time with root privileges. So instead
of trying to change a kext, would I want to do a nasty attack, I would
just create a Startup script with rm -r /Users for instance. Maybe due
to some HFS+ stuff (don't remember if the fact that you couldn't rm
files with the Lock option set from the Finder has been fixed or not) I
may not be able to delete everything but it will be nasty.

In fact I just did the test. I created a user with admin permission. I
then removed it from wheel using NetInfo. I logged in with this user
account and created a small StartupItem whose sole purpose was to touch
a file in /Library/StartupItems/.

The StartupItem was launched and the file was created with -rw-r--r--
root admin permission. So I tend to believe a rm -r /Users would be
nasty if sent from this script.

This requires a reboot but since you need to be root or sudoed to
kextload a kext, this is quite the same situation.

_______________________________________________
darwin-kernel mailing list | email@hidden
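
An added example, not part of the original post or of Apple's tooling: a Python audit that applies the "treat a KEXT like a setuid binary" rule from the thread to a whole bundle. The function name `audit_bundle` is hypothetical, and the rule it enforces (owner root, group wheel, no write bit for group or other on any entry) is an assumption drawn from the requirement discussed above.

```python
import os
import stat
import sys

ROOT_UID = 0   # root
WHEEL_GID = 0  # wheel is gid 0 on Darwin / Mac OS X


def audit_bundle(bundle, want_uid=ROOT_UID, want_gid=WHEEL_GID):
    """Return (path, problem) pairs for every entry that breaks the rule.

    Assumed rule: the bundle directory and everything inside it is owned
    by want_uid:want_gid and carries no group or other write bit.
    """
    findings = []
    paths = [bundle]
    # os.walk does not descend into symlinked directories by default.
    for root, dirs, files in os.walk(bundle):
        paths.extend(os.path.join(root, name) for name in dirs + files)
    for path in paths:
        st = os.lstat(path)  # judge a symlink itself, not its target
        if st.st_uid != want_uid:
            findings.append((path, "owner uid %d, expected %d" % (st.st_uid, want_uid)))
        if st.st_gid != want_gid:
            findings.append((path, "group gid %d, expected %d" % (st.st_gid, want_gid)))
        if stat.S_ISLNK(st.st_mode):
            continue  # mode bits on a symlink are not meaningful
        if st.st_mode & stat.S_IWGRP:
            findings.append((path, "writable by group"))
        if st.st_mode & stat.S_IWOTH:
            findings.append((path, "writable by other"))
    return findings


if __name__ == "__main__":
    # Usage: pass one or more bundle paths; exit status 1 if anything is flagged.
    status = 0
    for bundle in sys.argv[1:]:
        for path, problem in audit_bundle(bundle):
            print("%s: %s" % (path, problem))
            status = 1
    sys.exit(status)
```

Checking the directories as well as the binary matters because a writable parent directory lets its writer replace a file that is itself read-only.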