Bugtraq mailing list archives
Re: MacOSX 10.0.X Permissions uncorrectly set
From: Ethan Benson <erbenson () alaska net>
Date: Fri, 29 Jun 2001 14:41:15 -0800
On Fri, Jun 29, 2001 at 10:14:23PM +1000, Peter Tonoli wrote:
I've just looked into the root of a machine we have here. Not an upgrade from OS 9. Started with install off the release cd, and now 10.0.4 is installed. Seems the following have write access by any user, by default. drwxrwxrwx 21 root wheel 670 Jun 19 10:06 Applications (Mac OS 9) -rwxrwxrwx 1 root wheel 942080 Jun 26 11:03 Desktop DB -rwxrwxrwx 1 root wheel 2831842 Jun 26 09:17 Desktop DF drwxrwxrwx 3 root staff 58 Jun 29 21:51 Desktop Folder drwxrwxrwx 11 root wheel 330 May 29 10:33 Documents -rwxrwxrwx 1 root wheel 0 May 30 13:33 Late Breaking News drwxrwxrwx 49 root wheel 1622 Jun 28 14:29 System Folder drwxrwxrwx 3 xxxxxx admin 264 Jun 28 14:40 Temporary Items drwxrwxrwx 2 root wheel 264 May 28 12:30 TheFindByContentFolder drwxrwxrwx 4 root wheel 264 May 7 10:12 TheVolumeSettingsFolder drwxrwxrwx 2 root wheel 264 Jun 28 14:29 Trash -rwxrwxrwx 1 root wheel 547356672 Jun 28 14:26 VM Storage
All files and directories created by MacOS will have 0777 permissions on the OSX side.
xxxxx is currently logged in. "VM Storage" is an interesting one. Running strings on it gets about 500 outputs of "ISP_Guard_Page", so I assume there's some sort of protection scheme happening there. I don't see what's stopping trojans being installed in Applications, considering it's writable to all and sundry.
the VM Storage file is the MacOS (not OSX) swapfile, i think everyone knows the implications of world readable (much less writable) swap files. -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
_bin
Description:
Current thread:
- Re: MacOSX 10.0.X Permissions uncorrectly set gabriel rosenkoetter (Jul 02)
- Re: MacOSX 10.0.X Permissions uncorrectly set patpro (Jul 04)
- Re: MacOSX 10.0.X Permissions uncorrectly set - I got it patpro (Jul 04)
- Re: MacOSX 10.0.X Permissions uncorrectly set - I got it Sandor W. Sklar (Jul 05)
- Re: MacOSX 10.0.X Permissions uncorrectly set - I got it patpro (Jul 05)
- Re: MacOSX 10.0.X Permissions uncorrectly set - I got it patpro (Jul 04)
- Re: MacOSX 10.0.X Permissions uncorrectly set Etaoin Shrdlu (Jul 05)
- Re: MacOSX 10.0.X Permissions uncorrectly set patpro (Jul 04)
- <Possible follow-ups>
- Re: MacOSX 10.0.X Permissions uncorrectly set Ethan Benson (Jul 02)