• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Project Assistant renames home folder without authorisation
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Project Assistant renames home folder without authorisation

  • Subject: Re: Project Assistant renames home folder without authorisation
  • From: Greg Guerin <email@hidden>
  • Date: Tue, 20 Jun 2006 09:17:46 -0700
Rua Haszard Morris wrote:

>What happened next was a shock - it moved the original destination folder
>aside (by renaming it) presumably so I could recover my previous .DS_Store
>if need be (aargh). This was really bad because I was creating the project
>in my home folder (as a sandpit, away from the real source tree), and the
>project assistant had renamed my home folder. As you could expect, this
>caused some serious issues with the rest of the system; e.g. Mail.app
>thought that all my email was "not available while offline" etc.
>
>So I've managed to move my real home folder back now - but I had to sudo,
>why could the project assistant do it without getting permission? If this
>isn't a security hole it's definitely a usability hole!

Moving aside (i.e. renaming) your home folder is not a security violation,
assuming it's in /Users and you're logged in under an admin acct.  The
/Users folder has write-permission for admin users, and is "sticky" (read
'man sticky' for explanation).  If you were logged in as an admin user,
then you, as the owner of your home folder, can rename it within /Users.
You can also create a new folder there without sudo'ing first.  This is
standard BSD permissions behavior.

Without knowing the exact sequence of commands you used to return your home
folder to its original state, all anyone can do is guess as to why 'sudo'
was needed.  My first guess is that a login account without a home folder
is in deep trouble.  At the very least, there are probably some required
files in ~/Library that would be missing.  Without them, I suspect many
programs would fail.  That's just a guess, though, since without details,
the cause could be anything.

 From the information you've supplied, I see no security flaw, although it
seems like a serious template-handling bug if it moves aside an entire
folder just to preserve a .DS_Store file.

  -- GG


 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Xcode-users mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Prev by Date: Re: gdb says: internal-error...
  • Next by Date: Re: Making GCC less sensitive about duplicate typedefs?
  • Previous by thread: Debugger loads the same dll 2 times. Known Issue ?
  • Next by thread: Subversion and Xcode
  • Index(es):
    • Date
    • Thread