Re:Authorization once, and .dmg
- Subject: Re:Authorization once, and .dmg
- From: Peter Sichel <email@hidden>
- Date: Thu, 17 Oct 2002 12:18:39 -0400
At 2:51 PM +0100 10/17/02, Sak Wathanasin wrote:
> Users really like drag-and-drop installs that just work or self repair.
> Will they still like it if it's used as a vehicle to introduce a virus?
Perhaps less well, but in order to exploit this, the virus would
need write access to the application bundle. Would need to delete
the existing tools owned by root. Would need to carefully
emulate the verification process used. And finally, would need
to spoof the user into re-authorizing the tools.
The user can minimize such risks by placing the application in
a write protected directory or only authorizing during the install
or first run process. You need admin privileges to install or
repair, but not on each run.
Conditioning the user to authenticate every time they run common
applications seems like a far greater risk. It's relatively easy
for a trojan horse to replace any one of these applications and
ask the user to authenticate.
In any case, Jaguar has broken the self repair feature since
the entire bundle will not copy if any components are owned
by root (so there's nothing to repair).
How many people can honestly say they have never tried to move an application
from one computer to another by copying files instead of finding and
running the original installer? People upgrade computers all the time.
Re-installing everything would not be my first choice.
At 8:09 AM -0700 10/17/02, Dave Camp wrote:
> If the Finder can't copy files without preserving permissions/modes,
> it's a bug and should be fixed ASAP. I have to say I simply cannot
> understand why Apple is treating this issue so lightly, instead
> preferring this awful "self-repair" kludge.
That would be a huge security hole. You cannot create a new file with
permissions you are not authorized to grant. Now that I've typed that,
I see what the solution should be... If the Finder is unable to copy
something because you do not have permission to create the new copy
correctly, it should prompt for authorization and then make the copy. I
can see how that might be difficult to safely implement though.
What was wrong with the original unix behavior:
When YOU copy a file you don't have permission to create with
the original owner and privileges, YOU become the owner of the
copy you made.
Notice you have permission to read the file and copy it, you just
don't have permission to create copies belonging to someone else.
Not allowing users to copy arbitrary files to which they have read
access is wrong. In order to be more secure, unix cp works but
the Finder doesn't?
- Peter
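As an added example (not part of the thread), the plain-cp behaviour Peter describes, followed by the kind of verification a self-repair step should run before asking the user to re-authorize a helper tool. It is a shell script that assumes a POSIX sh with ls, awk, mktemp and sha256sum or shasum, and it runs unprivileged in a scratch directory.

```shell
#!/bin/sh
# Added example, not from the thread: plain cp makes the copier the owner of
# a new file and does not carry the setuid bit over, so a copied helper is
# never a privileged tool. verify_helper is the check a repair routine should
# make before re-authorizing anything. Assumes POSIX sh, ls, awk, mktemp and
# sha256sum or shasum.
set -eu

# owner_of FILE: print the numeric uid of the owner (ls -n is POSIX).
owner_of() { ls -lnd "$1" | awk '{print $3}'; }

# sha256_of FILE: print the hex digest using whichever tool is installed.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
  else shasum -a 256 "$1"; fi | awk '{print $1}'
}

# verify_helper FILE EXPECTED_SHA256: succeed only if the tool is still owned
# by root (uid 0), still setuid, and its contents match the manifest digest.
verify_helper() {
  f=$1; want=$2
  [ "$(owner_of "$f")" = 0 ] || { echo "not root-owned: $f" >&2; return 1; }
  [ -u "$f" ] || { echo "setuid bit missing: $f" >&2; return 1; }
  [ "$(sha256_of "$f")" = "$want" ] || { echo "contents changed: $f" >&2; return 1; }
}

# make_copy DIR: build a constructed setuid "helper" in DIR and copy it with
# plain cp (no -p). Prints the path of the copy.
make_copy() {
  dir=$1
  printf '#!/bin/sh\necho helper\n' > "$dir/helper"
  chmod 4755 "$dir/helper"              # what an installer would have set
  cp "$dir/helper" "$dir/helper.copy"   # copier's ownership, umask mode, no setuid
  echo "$dir/helper.copy"
}

# copy_is_unprivileged DIR: succeed if the copy is owned by us and not setuid.
copy_is_unprivileged() {
  c=$(make_copy "$1")
  [ "$(owner_of "$c")" = "$(id -u)" ] && ! [ -u "$c" ]
}

# Stand-alone demo in a scratch directory.
work=$(mktemp -d)
if copy_is_unprivileged "$work"; then echo "copy lost owner/setuid as expected"; fi
verify_helper "$work/helper.copy" "$(sha256_of "$work/helper")" \
  || echo "repair check refused the copy"
rm -rf "$work"
```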
_______________________________________________
macnetworkprog mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/macnetworkprog
Do not post admin requests to the list. They will be ignored.