Bugtraq mailing list archives
Re: Mac OS X setuid root security hole
From: Kee Hinckley <nazgul () somewhere com>
Date: Wed, 17 Oct 2001 15:51:45 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 12:53 PM -0400 10/17/01, rotaiv wrote:
> I can't recall if I have seen this on BugTraq so forgive me if this is an old issue. Try these steps on an OS X machine (not logged in as root)
>
> - Open up the terminal application
> - Quit the terminal application
> - Open up NetInfo Manager (leave it in the foreground)
> - Open up the Terminal application from the "Recent Items" list in the Apple Menu.

You can slightly reduce the risk by going to Recent Items, clearing the list, and then editing (with your favorite text editor) ~/Library/Preferences/com.apple.recentitems.plist. Change the values for maxapp and macdoc to 0. (The UI lets you change the values to a preset list, but 0 isn't one of the options.) That won't stop someone from going to the preferences and turning it back on again (you can't lock General preferences), but it at least means any bypass requires more time.

That said, Recent Items is not the sole problem. The Services menu also launches applications with the permissions of the application that currently owns the menubar. You can easily use this to bring up a text editor running as root.

- -- 
Kee Hinckley - Somewhere.Com, LLC
http://consulting.somewhere.com/
nazgul () somewhere com (or ...!alice!nazgul for time travelers :-)

I'm not sure which upsets me more: that people are so unwilling to accept responsibility for their own actions, or that they are so eager to regulate everyone else's.

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Security 7.0.3

iQA/AwUBO8347SZsPfdw+r2CEQIp2wCg2RBJ10ER3EivFzQA/jO4GZAbfGAAn3Op
8P9ospS9RAkwhaCH93aFO1qQ
=fsSL
-----END PGP SIGNATURE-----
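An added example, not part of the original message: a Python sketch of the plist change described above, which also reports what it changed so the setting can be re-checked after someone re-enables it. The key names are taken as spelled in the message; the file's internal layout is not shown there, so the code assumes nothing about nesting and walks the whole structure. The sample plist is constructed.

```python
import plistlib

# Key names exactly as spelled in the message; their position in the
# real file is an assumption, so every level of the plist is searched.
KEYS = ("maxapp", "macdoc")

def _walk(node, path, seen, changes):
    """Set every KEYS entry to 0, recording (path, old value) for each change."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}/{key}"
            if key in KEYS:
                seen.add(key)
                if value != 0:
                    changes.append((here, value))
                    node[key] = 0
            else:
                _walk(value, here, seen, changes)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            _walk(value, f"{path}[{i}]", seen, changes)

def harden_plist(raw):
    """Return (new plist bytes, changes made, keys not found anywhere)."""
    doc = plistlib.loads(raw)
    seen, changes = set(), []
    _walk(doc, "", seen, changes)
    missing = sorted(set(KEYS) - seen)
    return plistlib.dumps(doc), changes, missing

# Constructed sample input, not a copy of a real preferences file.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>apps</key>
  <dict><key>maxapp</key><integer>10</integer></dict>
  <key>macdoc</key><integer>0</integer>
</dict>
</plist>"""

if __name__ == "__main__":
    new_raw, changes, missing = harden_plist(SAMPLE)
    for path, old in changes:
        print(f"reset {path}: {old} -> 0")
    for key in missing:
        print(f"key not present: {key}")
```

A key reported as not present means the file never had that setting written, so its effective value is whatever the system default is and should be checked separately.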