Re: MacOSX 10.0.X Permissions uncorrectly set

[Peter Tonoli <anarchie () metaverse org>]

On Tue, 26 Jun 2001, kangoo wrote:

> Permissions of /Users/yourname/Desktop which show your desktop is
> xrwxrwxrwx, allowing every user to read/write on your own Desktop folder.
>
> Fix: chmod 755 or chmod 750 /Users/yourname/Desktop
>
> Apple have been warned long ago and as of 10.0.4 it is stil not fixed.

I've just looked into the root of a machine we have here. Not an upgrade
from OS 9. Started with install off the release cd, and now 10.0.4 is
installed. Seems the following have write access by any user, by default.

drwxrwxrwx  21 root    wheel        670 Jun 19 10:06 Applications (Mac OS 9)
-rwxrwxrwx   1 root    wheel     942080 Jun 26 11:03 Desktop DB
-rwxrwxrwx   1 root    wheel    2831842 Jun 26 09:17 Desktop DF
drwxrwxrwx   3 root    staff         58 Jun 29 21:51 Desktop Folder
drwxrwxrwx  11 root    wheel        330 May 29 10:33 Documents
-rwxrwxrwx   1 root    wheel          0 May 30 13:33 Late Breaking News
drwxrwxrwx  49 root    wheel       1622 Jun 28 14:29 System Folder
drwxrwxrwx   3 xxxxxx  admin        264 Jun 28 14:40 Temporary Items
drwxrwxrwx   2 root    wheel        264 May 28 12:30 TheFindByContentFolder
drwxrwxrwx   4 root    wheel        264 May  7 10:12 TheVolumeSettingsFolder
drwxrwxrwx   2 root    wheel        264 Jun 28 14:29 Trash
-rwxrwxrwx   1 root    wheel  547356672 Jun 28 14:26 VM Storage

xxxxx is currently logged in. "VM Storage" is an interesting one. Running
strings on it gets about 500 outputs of "ISP_Guard_Page", so I assume
there's some sort of protection scheme happening there. I don't see what's
stopping trojans being installed in Applications, considering it's
writable to all and sundry.

-- 
Until I loved, life had no beauty;
I did not know I lived until I had loved. (Theodor Korner)