lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20031031174656.GA33761@lightship.internal.homeport.org>
Date: Fri, 31 Oct 2003 12:46:56 -0500
From: Adam Shostack <adam@...eport.org>
To: James Kelly <macubergeek@...cast.net>
Cc: bugtraq@...urityfocus.com
Subject: Re: Mac OS X vulnerabilities


You're commenting on 1 of 14 issues listed in
http://docs.info.apple.com/article.html?artnum=61798

I am perfectly capable of reading the CVE entries, and deciding, issue
by issue, if it's worth fixing, and if so, how to fix it.  However,
being a security expert should not be a requirement for using a
commericial OS.  If these issues are worthy of fixing, they should be
fixed in 10.2.8.

Adam

On Wed, Oct 29, 2003 at 07:58:54PM -0500, James Kelly wrote:
| This vulnerability is much ado about nothing
| It was caused by developers of shareware using third party installers 
| which changed the permissions on certain
| directories of MacOS X.
| 
| Problem largely solved with the increased use of Apple's installer
| 
| AND
| 
| problem is easily fixed by adding this command to a root cron job.
| 
| diskutil repairpermissions /
| 
| Above command can be run every day for your paranoia protection ;-)
| 
| 
| jamesk
| 

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ