On Wednesday, May 29, 2002, at 06:05 PM, Dean Reece wrote:

>> 2) I do agree with the fact that owner/group must be root/wheel for items inside /System but I do not agree that it should be the case when they are in /Library.
>
> The ownership requirement is necessary regardless of location for security reasons. A KEXT contains a binary that is loaded into the kernel and executed. If that binary can be written by non-admin users, then it can become a vehicle for all sorts of nasty attacks. For the purposes of security, a KEXT must be thought of as a setuid binary and treated as such.

This is why I don't understand why rwxrwxr-x root/admin is considered incorrect:

- with this setting, the binary can't be written by non-admin users.
- if a user is in admin but not wheel then he can create a Startup Item which will be launched at boot time with root privileges.

So instead of trying to change a kext, if I wanted to do a nasty attack, I would just create a Startup script with rm -r /Users, for instance. Maybe due to some HFS+ stuff (don't remember if the fact that you couldn't rm files with the Lock option set from the Finder has been fixed or not) I may not be able to delete everything, but it will be nasty.

In fact I just did the test. I created a user with admin permission. I then removed it from wheel using NetInfo. I logged in with this user account and created a small StartupItem whose sole purpose was to touch a file in /Library/StartupItems/. The StartupItem was launched and the file was created with -rw-r--r-- root admin permission. So I tend to believe a rm -r /Users would be nasty if sent from this script.

This requires a reboot, but since you need to be root or sudoed to kextload a kext, this is quite the same situation.
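An audit sketch for the ownership rule debated in this thread, added here as an example and not taken from the thread or from Apple's kext tools: it walks a .kext bundle and reports every entry that is not owned by root/wheel or that is writable by group or others. The function names, the use of gid 0 for wheel, and the treatment of any group-write bit as a finding are assumptions of this example.

```python
import os
import stat
import sys

ROOT_UID = 0   # root
WHEEL_GID = 0  # wheel on Mac OS X (assumption of this example)


def check_entry(uid, gid, mode):
    """Return the policy violations for one file or directory inside a KEXT."""
    issues = []
    if uid != ROOT_UID:
        issues.append("owner is uid %d, expected root" % uid)
    if gid != WHEEL_GID:
        issues.append("group is gid %d, expected wheel" % gid)
    # Permission bits on a symlink itself are not meaningful, so skip them there.
    if not stat.S_ISLNK(mode):
        if mode & stat.S_IWGRP:
            issues.append("group-writable")
        if mode & stat.S_IWOTH:
            issues.append("world-writable")
    return issues


def audit_kext(bundle_path):
    """Walk a .kext bundle and return {path: [issues]} for every offending entry."""
    paths = [bundle_path]
    for dirpath, dirnames, filenames in os.walk(bundle_path):
        paths.extend(os.path.join(dirpath, name) for name in dirnames + filenames)
    findings = {}
    for path in paths:
        st = os.lstat(path)  # lstat: judge a symlink itself, never its target
        issues = check_entry(st.st_uid, st.st_gid, st.st_mode)
        if issues:
            findings[path] = issues
    return findings


if __name__ == "__main__":
    # Usage: pass one or more .kext bundle paths on the command line.
    for bundle in sys.argv[1:]:
        for path, issues in sorted(audit_kext(bundle).items()):
            print("%s: %s" % (path, "; ".join(issues)))
```

The rwxrwxr-x root/admin setting discussed above is reported twice by this check, once for the group and once for the group-write bit.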