Re: Xcode 3.1 is available at connect.apple.com (Part 2b)
- Subject: Re: Xcode 3.1 is available at connect.apple.com (Part 2b)
- From: Bill Bumgarner <email@hidden>
- Date: Sat, 12 Jul 2008 09:48:36 -0700
On Jul 12, 2008, at 9:36 AM, Jeff Johnson wrote:
> A remote exploit for "/Library/Caches/com.apple.Xcode.503/SharedPrecompiledHeaders/Cocoa-byhqthbdzrfwhagxhifeykxwodun/Cocoa.h.gch"?

Not a remote exploit, but a local one. And, yes, that particular
file is an attack vector, though far from the easiest one.

In particular, that location was more vulnerable to an attacker
dropping a file in the cache that would cause the resulting build
product to contain nefarious code, effectively turning a developer's
application into a trojan.

/Library/Caches was read/write by all. /var/folders is owned by root
and the subdirectories are the only part readable by your individual
user, said subdirectories handed out by the system API. While it is
still possible for it to be exploited as described, it is much harder
and it requires either superuser access or your user account must be
compromised.
b.bum
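
The permission difference described in the message above can be checked mechanically. The following is an added example, not part of the original message or of Xcode: a Python audit that walks a build-cache path upward and reports every component another local user could write to. The names audit_cache_path and build_demo_tree are hypothetical, and the directory tree is a constructed sample created in a temporary directory rather than the real system paths.

```python
import os
import stat
import tempfile

def audit_cache_path(path, stop_at, trusted_uids=None):
    """Walk from path up to stop_at; report every component that another
    local user can write to or that an unexpected account owns."""
    if trusted_uids is None:
        trusted_uids = {0, os.getuid()}  # assumption: root and the building user
    path, stop_at = os.path.realpath(path), os.path.realpath(stop_at)
    if os.path.commonpath([path, stop_at]) != stop_at:
        raise ValueError("path is not inside stop_at")
    findings = []
    current = path
    while True:
        st = os.lstat(current)
        mode = stat.S_IMODE(st.st_mode)
        if st.st_uid not in trusted_uids:
            findings.append((current, "owner uid %d is not trusted" % st.st_uid))
        if mode & stat.S_IWOTH:
            findings.append((current, "writable by all users (mode %04o)" % mode))
        elif mode & stat.S_IWGRP:
            findings.append((current, "group-writable (mode %04o)" % mode))
        if current == stop_at:
            return findings
        current = os.path.dirname(current)

def build_demo_tree(base):
    """Constructed sample layout (not real system paths): a shared cache
    that is read/write by all beside a per-user private directory."""
    shared = os.path.join(base, "Library", "Caches", "SharedPrecompiledHeaders")
    private = os.path.join(base, "var", "folders", "user", "SharedPrecompiledHeaders")
    for leaf in (shared, private):
        os.makedirs(leaf)
    for root, dirs, _files in os.walk(base):
        for d in dirs:
            os.chmod(os.path.join(root, d), 0o755)  # neutralise the umask
    os.chmod(os.path.join(base, "Library", "Caches"), 0o777)
    os.chmod(os.path.join(base, "var", "folders", "user"), 0o700)
    return shared, private

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        shared, private = build_demo_tree(base)
        for label, leaf in (("shared", shared), ("per-user", private)):
            print(label, audit_cache_path(leaf, base))
```

A finding on any ancestor matters, not only on the leaf: whoever can write to a parent directory can place or replace the entries beneath it.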
Xcode-users mailing list (email@hidden)