Re: [Fed-Talk] Firefox self-update?
- Subject: Re: [Fed-Talk] Firefox self-update?
- From: David Emery <email@hidden>
- Date: Wed, 29 Aug 2012 12:38:10 -0400
Thanks! That explains it.
But that raises an interesting question: -Should- installs work this way? (I admit to being surprised, if not shocked, by this behavior.) And more specifically, should I "chown -r root /Applications" or "chown -r admin /Applications", to disable this approach?
dave

On Aug 29, 2012, at 12:25, Todd Heberlein <email@hidden> wrote:

On Aug 29, 2012, at 8:52 AM, David Emery <email@hidden> wrote:

So how does Firefox (and other applications) manage to update stuff in /Applications withOUT an Admin password? I know that's restating my original question, but it sure seems to me that based on core Unix, /Applications should not be writable by the current user, and that's why you get prompted for an Admin password to install software.
In both Chrome and Firefox, the actual binary is owned by the user who installed it (typically the sys-admin)
$ ls -l /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome
-rwxrwxr-x 1 heberlei admin 14208 Aug 17 10:46 /Applications/Google Chrome.app/Contents/MacOS/Google Chrome
So any program that runs as me (heberlei), even in the background started automatically without your knowledge, has the permission to overwrite this binary.
I wrote up a paper on the Google update process, which behaves very much like a command & control agent used by an advanced persistent threat. I suspect Firefox might do something similar too.
The Advanced Persistent Threat You Have: Google Chrome
Here are just some of the reasons Google's software update system can serve as a model APT. (1) There is a bootstrapping program, GoogleSoftwareUpdateAgent, buried deeply in a user's home directory. Few people know it is there, even fewer probably know when it becomes active. It neither requests permission to modify your system nor notifies you when it does. (2) Detailed analysis of this bootstrapping program cannot reveal what it may do because actual actions (via programs & scripts in this case) are only received from the Internet at runtime. (3) A critical executable (one you trust with your passwords for many important network services) will be modified.
Todd
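An added example, not part of the original thread: a Python audit of the condition shown in the `ls -l` listing above, reporting app-bundle executables that are owned by a non-root account or are group/world-writable. It also checks the enclosing Contents/MacOS directory, since write access there allows a binary to be replaced even when the file itself is locked down. The function names and the `trusted_uids` parameter are assumptions made for this example.

```python
import os
import stat
import sys

def weaknesses(st, trusted_uids, kind):
    """List the ways a stat result lets a non-trusted account write to it."""
    reasons = []
    if st.st_uid not in trusted_uids:
        reasons.append(f"{kind} owned by uid {st.st_uid}")
    if st.st_mode & stat.S_IWGRP:
        reasons.append(f"{kind} group-writable")
    if st.st_mode & stat.S_IWOTH:
        reasons.append(f"{kind} world-writable")
    return reasons

def audit_app_binaries(apps_dir="/Applications", trusted_uids=(0,)):
    """Return [(path, [reasons])] for bundle executables that can be replaced
    without an admin prompt. Only the file and its immediate directory are
    checked; trusted_uids defaults to root only (an assumption of this example).
    """
    findings = []
    for entry in sorted(os.listdir(apps_dir)):
        macos_dir = os.path.join(apps_dir, entry, "Contents", "MacOS")
        if not entry.endswith(".app") or not os.path.isdir(macos_dir):
            continue
        # Write access to the directory permits rename/replace of its files.
        dir_reasons = weaknesses(os.stat(macos_dir), trusted_uids, "directory")
        for name in sorted(os.listdir(macos_dir)):
            path = os.path.join(macos_dir, name)
            st = os.lstat(path)  # do not follow symlinks out of the bundle
            if not stat.S_ISREG(st.st_mode):
                continue
            reasons = weaknesses(st, trusted_uids, "file") + dir_reasons
            if reasons:
                findings.append((path, reasons))
    return findings

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "/Applications"
    for path, reasons in audit_app_binaries(root):
        print(f"{path}: {', '.join(reasons)}")
```

A binary with the mode and ownership shown in the listing (`-rwxrwxr-x`, owned by a regular user, group admin) is reported for both the non-root owner and the group-write bit.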