Re: Xcode 3.1 is available at connect.apple.com (Part 2b)
- Subject: Re: Xcode 3.1 is available at connect.apple.com (Part 2b)
- From: Jeff Johnson <email@hidden>
- Date: Sat, 12 Jul 2008 15:25:31 -0500

On Jul 12, 2008, at 11:48 AM, Bill Bumgarner wrote:

> On Jul 12, 2008, at 9:36 AM, Jeff Johnson wrote:
>
> > A remote exploit for "/Library/Caches/com.apple.Xcode.503/SharedPrecompiledHeaders/Cocoa-byhqthbdzrfwhagxhifeykxwodun/Cocoa.h.gch"?
>
> Not a remote exploit, but a local one. And, yes, that particular
> file is an attack vector, though far from the easiest one.
>
> In particular, that location was more vulnerable to an attacker
> dropping a file in the cache that would cause the resulting build
> product to contain nefarious code, effectively turning a
> developer's application into a trojan.
>
> /Library/Caches was read/write by all. /var/folders is owned by
> root and the subdirectories are the only part readable by your
> individual user, said subdirectories handed out by the system
> API. While it is still possible for it to be exploited as
> described, it is much harder and it requires either superuser
> access or your user account must be compromised.
>
> b.bum

Bill,

Thanks for the information. I assume that Xcode 2.5 is still
vulnerable to this, then?

I don't understand, though, why "~/Library/Caches" isn't used, as
opposed to either "/Library/Caches" or "/var/folders". It seems to me
that all user-specific files should go within the user's home. You
can make an exception for network home directories, as Jens Alfke
suggests, but for everyone else they should go in the home directory
by default.

-Jeff
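
The permission difference discussed in this thread (a cache directory that is read/write by all versus a per-user subdirectory under a root-owned parent) can be checked for any build cache path. The following is an added example, not part of the original thread and not Xcode's code; `audit_cache_path`, its parameters and the temporary directory layout are assumptions, and it goes slightly beyond the thread by also checking the ancestors of the cache directory.

```python
import os
import stat


def audit_cache_path(path, stop_at="/", trusted_uids=None):
    """Return (directory, reason) findings for every component of `path`
    that another local user could tamper with. Hypothetical helper."""
    if trusted_uids is None:
        trusted_uids = {0, os.getuid()}          # root and the current user
    leaf = os.path.realpath(path)
    stop = os.path.realpath(stop_at)             # ancestor already trusted
    findings = []
    current = leaf
    while True:
        st = os.lstat(current)
        if st.st_uid not in trusted_uids:
            findings.append((current, "owned by uid %d" % st.st_uid))
        loose = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
        sticky = st.st_mode & stat.S_ISVTX
        if loose and current == leaf:
            # Anyone with write access can drop a file into the cache itself,
            # sticky bit or not.
            findings.append((current, "others can create files in the cache"))
        elif loose and not sticky:
            # Write access to an ancestor without the sticky bit allows the
            # whole subtree to be renamed away and replaced.
            findings.append((current, "others can replace this path component"))
        parent = os.path.dirname(current)
        if current == stop or parent == current:
            break
        current = parent
    return findings


if __name__ == "__main__":
    import tempfile
    # Constructed layout standing in for the two kinds of cache location.
    base = tempfile.mkdtemp()
    shared = os.path.join(base, "SharedCache")     # read/write by all
    private = os.path.join(base, "user", "cache")  # per-user subdirectory
    os.makedirs(shared)
    os.makedirs(private)
    os.chmod(shared, 0o777)
    os.chmod(os.path.join(base, "user"), 0o700)
    os.chmod(private, 0o700)
    for p in (shared, private):
        print(p, audit_cache_path(p, stop_at=base))
```

An empty result means no component between the cache directory and `stop_at` is writable by, or owned by, anyone other than root and the current user.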