GIANT HUMONGOUS HOLE in mac os x security!!!

solrac

:eek: :eek: :eek: :eek: :eek:
Log in to a Mac OS X user's account through Windows file sharing on a PC....

Let's assume there are 2 users, one called "Administrator", and the other called "Guest". Guest has no privileges, Administrator has admin privileges.

The PC in question is a Windows 2000 Pro box. It finds the mac in the "my network places / computers near me" window.

The PC user clicks on the mac's computer icon and enters the username "Guest", and its password... uh.. "guest".

The PC logs in fine. An explorer window opens up with this in the address bar:
\\Macintosh-computer\guest

All I have to do now, is change that to
\\Macintosh-computer\administrator

BOOM! I have access to the administrator's files, and I can even write to disk and delete things!!! :eek: :eek: :eek:

And if I copy a file to the administrator, and try to open it as administrator, I can't! It belongs to "guest"!! It's retarded!!!

So basically, if you log in to ANY user account through windows, you automatically have access to ALL user accounts, including administrators!

Except for root (thank god). Root is not accessible, but only by a "path not found" error, not a "password incorrect" error. Very unsettling...

What do we do????
 
Hmm... can you actually CHANGE admin's files or just read them and write new ones? Does the guest account belong to the same group as administrator? Are the administrator's files set to be group readable, the directories set to group writeable?
 
it doesn't matter!!!!!

If you try to access another user's files, you should be asked for a password!!!!

RIGHT????
 
Um...
I don't have a "guest" user on my Mac,
Checked Accounts from Prefs, checked NetInfo Manager, 'n checked /etc/passwd.
No "guest" account... :confused:
 
Since I have no "guest" account, I created a test account... did what you did and I can ONLY get to the root folder for that user, which only shows all the sub-folders - that's it! Nothing more!

I can't browse through the sub-folders nor write files ("Unable to create the folder 'New Folder', Access is denied").

I do have two folders I can browse through, which are "Sites" and "Scripts", because I have changed permissions on them previously.

Code:
drwx------   7 sogni  staff    238 Dec 17 09:50 Desktop
drwx------  16 sogni  staff    544 Dec 15 00:01 Documents
drwx------  32 sogni  staff   1088 Dec 15 23:57 Library
drwx------   5 sogni  staff    170 Dec 14 22:36 Movies
drwx------   6 sogni  staff    204 Dec 12 10:20 Music
drwx------  13 sogni  staff    442 Dec 12 13:14 Pictures
drwxr-xr-x   4 sogni  staff    136 Dec 11 21:29 Public
drwxrwxrwx  10 sogni  staff    340 Nov 24 14:02 Remote Connections
drwxrwxrwx   6 sogni  staff    204 Dec 12 10:50 Scripts
drwxr-xr-x  12 sogni  staff    408 Dec 12 10:20 Sites

You might want to fix your permissions so that the files can't be mucked with. As you can see, I make it a habit to NOT write anything to the root directory on my account, everything is inside of the other folders - that are well protected.
 
To fix your permissions, simply launch the Terminal App, and you'll automatically be placed in your root folder, so type this:

Code:
chmod u=rwx,g=,o= folder/
where "folder/" are the individual folders you don't want people having access to.

Also, if you don't want anyone AT ALL to access your user's folder, from the terminal simply do this:

Code:
cd /Users
chmod u=rwx,g=,o= user/
where "user/" is your user directory.

My folder now looks like this:
Code:
drwx------  27 sogni  staff    918 Dec 12 12:49 Applications
drwx------   7 sogni  staff    238 Dec 17 09:50 Desktop
drwx------  16 sogni  staff    544 Dec 15 00:01 Documents
drwx------  32 sogni  staff   1088 Dec 15 23:57 Library
drwx------   5 sogni  staff    170 Dec 14 22:36 Movies
drwx------   6 sogni  staff    204 Dec 12 10:20 Music
drwx------  13 sogni  staff    442 Dec 12 13:14 Pictures
drwxr-xr-x   4 sogni  staff    136 Dec 11 21:29 Public
drwx------  10 sogni  staff    340 Nov 24 14:02 Remote Connections
drwx------   6 sogni  staff    204 Dec 12 10:50 Scripts
drwx------  12 sogni  staff    408 Dec 12 10:20 Sites

And NO ONE can access my folder from another computer - BUT doing the 2nd command disables the ability to share files from the 'Public' folder, so only do the 2nd command if you REALLY want to keep everyone out. :p
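
A read-only check for the state the post above describes, as an added example that is not part of the original thread: it lists the top-level folders of a home directory that still grant anything to group or other. The names `audit_home`, `ALLOWED` and `demo` are assumptions made for this example, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: report top-level folders in a home directory whose mode is
# anything other than drwx------ (i.e. group or other has some access).
# ALLOWED is an assumption: folders meant to stay reachable, such as Public.
ALLOWED="Public"

audit_home() {
    home=$1
    for dir in "$home"/*/; do
        [ -d "$dir" ] || continue
        dir=${dir%/}
        name=${dir##*/}
        # Ignore symlinks; ls -ld would report the link's mode, not the target's.
        if [ -L "$dir" ]; then continue; fi
        # Skip folders that are intentionally shared.
        case " $ALLOWED " in *" $name "*) continue ;; esac
        # First 10 chars of ls -ld are the mode string, e.g. drwxr-xr-x;
        # chars 5-10 are the group and other bits.
        mode=$(ls -ld "$dir" | cut -c1-10)
        go_bits=$(printf '%s' "$mode" | cut -c5-10)
        if [ "$go_bits" != "------" ]; then
            printf '%s\t%s\n' "$mode" "$name"
        fi
    done
}

# Constructed sample tree using modes from the first listing in the post.
demo() {
    t=$(mktemp -d) || return 1
    mkdir "$t/Desktop" "$t/Public" "$t/Scripts" "$t/Sites"
    chmod 700 "$t/Desktop"
    chmod 755 "$t/Public" "$t/Sites"
    chmod 777 "$t/Scripts"
    audit_home "$t"
    rm -rf "$t"
}

demo
```

Run `audit_home "$HOME"` against a real account; each reported folder is a candidate for the `chmod u=rwx,g=,o=` command shown in the post.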
 
I was able to go beyond the root folder of the user account and even into the desktop!

My permissions are not bad, it's a fresh install of os x 10.2.2

So then the default permission setup allows anyone to browse any one else's files....

is this not a security hole???
 
Originally posted by solrac
I was able to go beyond the root folder of the user account and even into the desktop!

My permissions are not bad, it's a fresh install of os x 10.2.2

So then the default permission setup allows anyone to browse any one else's files....

is this not a security hole???

Mine is a fresh install of Jaguar too (redone just a few days ago from the 10.2 CD)...
You got me there...
 
hmmm.... I'll let this thread sit here for a few days but if no one knows anything further I better report this to Apple...
 
Hmmm... solrac, how did you install Jaguar? Fresh install (reinitialized harddrive) or an upgrade? Wonder if there is anything there...
Agreed either way, it should NOT be open like that by default no matter how installed.

Maybe people who are (re)installing Jaguar should let us know what their default User permissions are, and how they installed Jaguar - there might be something there...
 
I did a fresh install - reinitialized hard drive.

Hmmm.... I did make a user called "Disks" and then went into netinfo utility and changed their home directory to '/Volumes', so that I could share my ipod with a windows computer by logging in as "Disks"... but I don't think that should do anything bad .... would it?
 
Well, I hope that's not true, although that's why I leave my computer off the campus network. I did plan on connecting so I can grab my audio files when in class, but I will try this on a few Windows machines on our local network and see what I can get. I know you can access guest by default if sharing is on, but I changed the privs so no one could place things in my drop box. But if this is true....let me go find out.
 
Could be that Windows cached your credentials from the iPod mapping and is using those credentials to browse since you say the Disks account had permissions to /Volumes??
 
it's a shame Apple ever opened Windows' access to our superior computers. SMB sharing? Pfhh! Nothing but pure AppleTalk will ever talk to my computers besides TCP/IP. :p
 
This 'hole' isn't on my machine (Powerbook G4 800mhz). I have no guest access, but I do have multiple accounts. Using Windows, I can only login using the set usernames/passwords of each account user, and then only access the files for whom I am logged in as. Therefore I have no security concerns about Jaguar.

How many people are experiencing this problem? I think it's a permission problem on a few machines, but could be wrong. The best solution is to test *your* individual setup with your Windows Network if you have any concerns & turn off guest access if it is of no use to you.

Remember that holes in Microsoft Windows are found monthly; if this does turn out to be a hole in Mac OS X, it is a rare occurrence.
 
er... I'm pretty sure this isn't a fault, I've been taking advantage of it for a while thinking it was the norm. I have my ~/music folder shared across the network at campus.

The Windows users all have their own account, but, using your example, they just immediately open my home folder, not their own folders, i.e. they try accessing smb://my.ip/my.user; when asked for their passwords and users they simply enter theirs. All they're doing is simply reading that network share as opposed to their own. Either way, their accounts still work.

It should just be like them signing in directly at your computer. They should have read access to most of the computer, but they shouldn't be able to get read access to any of your folders deeper than your home directory unless it's your drop box or you've specified that they can. Just change the privileges and all should be fine.
 
There's some confusion here. Everyone thinks I have some kind of special "guest" account. I don't. I just have a regular user account that happens to be named "guest".

Anyway, your smb://my.ip/my.user example to share the ~/music folder across the network is not a good example.

How about if someone accessed your music folder, could they also access ~/Desktop as well? And delete all your files? Or read all your files?

I never touched any of my permissions, they are at apple's factory settings and I don't know if I want to go around changing them...
 