|lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives
Date: Fri, 26 Jan 2007 05:45:35 +0100 From: Ben Bucksch <news@...ksch.org> To: Marvin Simkin <Marvin.Simkin@....edu> Cc: bugtraq@...urityfocus.com Subject: Re: Remove all admin->root authorization prompts from OSX Marvin Simkin wrote: > I respectfully disagree with this proposal and maybe we should discuss it. > > Being a member of the admin group is NOT 100% equal to being root. Well, almost. Given that admins have write access to /Applications/, they can install trojans there, which will be run by all users. The main purpose - IMHO - of root is to protect users from each other, not to protect the system binaries (the latter is just a necessity for the former), so that's already failing here. Even though theoretically useless, the prompt does have a practical value: Applications which are not outright illegal, i.e. from normal companies, and therefore would not employ above techniques, may still harm the system by installing dangerous or misbehaving binaries in /System/ et al. A lot of Mac apps are just bundles which can be "installed" by simply copying to /Applications/ or elsewhere, and similarly uninstalled, and don't affect the system (modulo trojans). Some come with installers just to show the license or similar silliness. When I install an app and I get asked for a root password, that is sign for me that the app will deeply change the core system and thus alter the behaviour of the machine even when the app is not running. Maybe half of the time, I deny the request and stop the installation. For me, a Yes/No dialog box instead of password entry would achieve the same, but I find *some* barrier to root useful in many realworld situations, even if it doesn't protect from trojans. I think it also makes sane app vendors try to avoid requiring the system priviledge, which is a huge actual gain. It does provide some false sense of security, but so does the user/root separation on single-user machines. (Esp. most Linux geeks have this false sense.) A malware program running under my user account already has access to my files - rooting the system doesn't gain much. Exceptions: network sniffing and special (and rare) solutions to protect certain files.
Powered by blists - more mailing lists