lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 31 Oct 2003 12:46:56 -0500 From: Adam Shostack <adam@...eport.org> To: James Kelly <macubergeek@...cast.net> Cc: bugtraq@...urityfocus.com Subject: Re: Mac OS X vulnerabilities You're commenting on 1 of 14 issues listed in http://docs.info.apple.com/article.html?artnum=61798 I am perfectly capable of reading the CVE entries, and deciding, issue by issue, if it's worth fixing, and if so, how to fix it. However, being a security expert should not be a requirement for using a commericial OS. If these issues are worthy of fixing, they should be fixed in 10.2.8. Adam On Wed, Oct 29, 2003 at 07:58:54PM -0500, James Kelly wrote: | This vulnerability is much ado about nothing | It was caused by developers of shareware using third party installers | which changed the permissions on certain | directories of MacOS X. | | Problem largely solved with the increased use of Apple's installer | | AND | | problem is easily fixed by adding this command to a root cron job. | | diskutil repairpermissions / | | Above command can be run every day for your paranoia protection ;-) | | | jamesk | -- "It is seldom that liberty of any kind is lost all at once." -Hume
Powered by blists - more mailing lists