Re: Kernel extensions and code injection?
- Subject: Re: Kernel extensions and code injection?
- From: Dave Rehring <email@hidden>
- Date: Tue, 22 Mar 2005 14:16:38 -0800
On 3/22/05 10:53 AM, Brian Kendall at email@hidden wrote:
> Fortunately, the good news with any kernel extensions is that there's
> *NO* way to install them without the user knowing exactly what you're
> doing and without them typing in an administrator password, which is
> probably one of the main reasons we don't come across Mac OS X viruses.
>
> - Brian

You really think so? I don't think any commonly used installer for OS X
exposes to the user what it is doing, unless the person who built it
explicitly takes extra effort to make it do so [making it semi-pointless,
because the end-user has to trust that the information is accurate].

If you need to do much of anything, like install files into /Library/ or
even /Applications/, you need the user to bang in the password, and once
they do that, all bets are off. Heck, even the authentication password
entry dialog is easy enough to fake [i.e., the installer could install a phony
application in /tmp, and have that application present the Auth dialog for
example, which can verify the password by executing a test shell script].

Maybe it's more clear in 'darwin', because installers are non-GUI shell
scripts that you can read before executing them... :-)

Later,
--
David Rehring
VP of Research and Development
Atimi Software, Inc.
www.atimi.com

Psychos do not explode when light hits them, no matter how crazy they are...
And totally insane guy!
Darwin-kernel mailing list (email@hidden)