Thread: Viruses on OS X
April 9th, 2005, 07:43 PM
Andrew Adamson
Quote:
Originally Posted by TommyWillB
That's not true.

OSX does not ship with Apache/PHP running!

If it was running "from the day (you) bought" it, that's because YOU turned it ON while exploring your new machine!

Besides, it's pretty d#*n hard to exploit PHP if you don't actually have PHP scripts in your docroot... And Apple absolutely does not ship OS X with any PHP scripts active.
Excuse me. Did I say Apache? Go to the command prompt and type 'php', you get PHP. I sure do. That is what I am talking about.

My specific issue with PHP (and Perl, Python, &c) is this. First, I am not that concerned that some anonymous cracker can connect to the user's machine to do nefarious things in PHP because at the moment I don't think they can (at least not without the user's help). The firewall seems to me to be pretty solid and will stop inbound anonymous traffic, and without Apache running as a service, there is no easy way to contact PHP from the outside world -- without my help. Fine. We're on the same page on this one. My first problem is that they have installed an extremely powerful, scriptable language that has documented vulnerabilities, including techniques (certainly in Linux) to ESCALATE permissions to root, and which the VAST majority of users aren't aware of and won't use (you can argue for leaving Python installed because a lot of installers are written in it, but PHP???). The second is that they, at least at present, do not seem to be offering any patches to bring it up to the present release through the automatic update process. The third is that the firewall does not appear to stop OUTbound traffic of any kind, and does not alert the users to any new traffic patterns AND (from what I can see) does not stop inbound responses to that traffic. Install BitTorrent, it works just fine without tuning the firewall. Install a PHP Spambot, it works just fine too, I reckon.

So, again, my worries are 1) known vulnerabilities, 2) no automatic patching to current builds, 3) no way to warn users of new processes or stop outbound traffic.