|
#9
| Since the program would write its preference file as root, you could make com.apple.NetInfoManager.plist a symlink to anything on the disk. When NetInfo Manager goes to write its preferences, they'll get tossed over top of whatever you want. I haven't thought of any way to write arbitrary data, but this could at least be used to destroy the system. You could probably make the program safer by removing the 'other' execute permission (chmod o-x) so that only root or Administrators can run it.
__________________ You can have my iBook when you pry it from my cold, dead fingers. iBook - The computer of choice for the enlightened CS major. Come on Apple, let me do a commercial. ;-) "An alloc a day keeps the DRAM away!" |
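The symlink overwrite described in post #9 is what a privileged program avoids by saving preferences as the invoking user and refusing symlinked targets. The C sketch below is an added example, not part of the thread and not Apple's code; the function names, file names and sample data are constructed for illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper for a setuid-root program saving per-user preferences.
 * Returns 0 on success, -1 if the target is refused or the write fails. */
int write_prefs_safely(const char *path, const char *data)
{
    uid_t saved = geteuid();
    size_t len = strlen(data);
    struct stat st;
    int rc = -1;

    /* Write as the invoking user so the kernel applies that user's own
     * permissions along the whole path instead of root's. */
    if (seteuid(getuid()) != 0)
        return -1;
    /* O_NOFOLLOW: open() fails if the final path component is a symlink. */
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW, 0600);
    if (fd >= 0) {
        /* Check the opened object itself (regular file, not hard-linked)
         * and truncate only after it passes, so a refused file is untouched. */
        if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_nlink == 1 &&
            ftruncate(fd, 0) == 0 && write(fd, data, len) == (ssize_t)len)
            rc = 0;
        if (close(fd) != 0) rc = -1;
    }
    return seteuid(saved) == 0 ? rc : -1; /* restore the effective uid */
}

/* Constructed scenario: prefs.plist is a symlink to "victim". Returns 1 when
 * the write is refused and the victim's contents are unchanged. */
int demo_symlink_refused(void)
{
    char dir[] = "/tmp/prefsdemoXXXXXX", buf[16] = {0};
    if (!mkdtemp(dir) || chdir(dir) != 0) return 0;
    FILE *f = fopen("victim", "w");
    if (!f || fputs("keep", f) < 0 || fclose(f) != 0) return 0;
    if (symlink("victim", "prefs.plist") != 0) return 0;
    int refused = write_prefs_safely("prefs.plist", "<plist/>") == -1;
    f = fopen("victim", "r");
    if (!f || !fgets(buf, sizeof buf, f)) return 0;
    fclose(f);
    return refused && strcmp(buf, "keep") == 0;
}
```

Dropping the effective uid is the primary control here; `O_NOFOLLOW` only guards the last path component and serves as a second layer.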
|
#10
| I personally would see how it runs (and if it works) without the setuid bit. I have doubts that it truly needs it myself.
__________________ iMac G5 2.0Ghz (10.4.x, Main System) MacBook 1.83Ghz (...February) "Sometimes I drive to run from all my demons \ Sometimes I drive so I can be alone \ Sometimes I drive to see the world in different light \ Sometimes I drive for no reason at all" - Assemblage 23, Drive |
|
#11
| This email was posted to Bugtraq. It is not the old netinfo-terminal root exploit. It does however require the insane step of making a custom printer driver (!) that then loads the terminal as root. Pretty damn unlikely. I'm sure Apple will fix it but it is NOT a severe bug. It is a nearly impossible to exploit bug. |
|
#12
| Okay, so lemme get this straight... the user has to write a custom printer driver, GET THAT INSTALLED (How? Social Engineering is required, or having an Admin password, which makes the whole exploit moot), then print something from an app such as NetInfo being run as root... Until I see a method of getting a custom printer driver installed WITHOUT at least admin privs, or an admin password, this exploit cannot be taken advantage of to get root access in the terminal. If they had either, they already CAN get root access in the terminal with that admin password. Yes, it is bad that this app is running as root. I just don't see how it could be used for anything but file-destroying purposes. |
|
#13
| Quote:
And it's true you need physical access to the computer, in which case one can just boot to a CD and mess about. But then again I don't like to leave loose ends lying about, no matter how small.
__________________ //Gwailo// iMac TFT 700MHz G4, 786 RAM, 40GB Internal DVD-ROM/CD-RW 12x8x32 USB 64MB Flash Drive Wacom Graphire2 Tablet Epson 777i Colour Printer Canon PowerShot S30 Digital Camera JVC GR-DVF21 NTSC MiniDV Camera Canon EOS Elan II (35mm) "Like a beautiful flower full of colour and also fragrant, even so, fruitful are the fair words of one who practices them." --54th Surtra, The Dhammapada |
|
#14
| True... I am just saying this isn't quite as bad as people think it could be. After all, don't I need physical access or VNC to control NetInfo to do the deed? Apple will take their time on this one... maybe a Sept Security Update will address it.
__________________ iMac G5 2.0Ghz (10.4.x, Main System) MacBook 1.83Ghz (...February) "Sometimes I drive to run from all my demons \ Sometimes I drive so I can be alone \ Sometimes I drive to see the world in different light \ Sometimes I drive for no reason at all" - Assemblage 23, Drive |
|
#15
| Oh yeah, I'm not bugging out; just giving my $0.02, and I agree that Apple will pro'lly do something about it in the near future.
__________________ //Gwailo// iMac TFT 700MHz G4, 786 RAM, 40GB Internal DVD-ROM/CD-RW 12x8x32 USB 64MB Flash Drive Wacom Graphire2 Tablet Epson 777i Colour Printer Canon PowerShot S30 Digital Camera JVC GR-DVF21 NTSC MiniDV Camera Canon EOS Elan II (35mm) "Like a beautiful flower full of colour and also fragrant, even so, fruitful are the fair words of one who practices them." --54th Surtra, The Dhammapada |
|
#16
| Incidentally Disk Utility.app is also setuid 0. -Rob
__________________ There are only 10 kinds of people in the world: Those who understand binary, and those who don't. |