lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 26 Jan 2007 05:45:35 +0100
From: Ben Bucksch <news@...ksch.org>
To: Marvin Simkin <Marvin.Simkin@....edu>
Cc: bugtraq@...urityfocus.com
Subject: Re: Remove all admin->root authorization prompts from OSX

Marvin Simkin wrote:
> I respectfully disagree with this proposal and maybe we should discuss it.
>
> Being a member of the admin group is NOT 100% equal to being root.

Well, almost. Given that admins have write access to /Applications/, 
they can install trojans there, which will be run by all users.

The main purpose - IMHO - of root is to protect users from each other, 
not to protect the system binaries (the latter is just a necessity for 
the former), so that's already failing here.

Even though theoretically useless, the prompt does have a practical value:

Applications which are not outright illegal, i.e. from normal companies, 
and therefore would not employ above techniques, may still harm the 
system by installing dangerous or misbehaving binaries in /System/ et 
al. A lot of Mac apps are just bundles which can be "installed" by 
simply copying to /Applications/ or elsewhere, and similarly 
uninstalled, and don't affect the system (modulo trojans). Some come 
with installers just to show the license or similar silliness. When I 
install an app and I get asked for a root password, that is sign for me 
that the app will deeply change the core system and thus alter the 
behaviour of the machine even when the app is not running. Maybe half of 
the time, I deny the request and stop the installation.

For me, a Yes/No dialog box instead of password entry would achieve the 
same, but I find *some* barrier to root useful in many realworld 
situations, even if it doesn't protect from trojans. I think it also 
makes sane app vendors try to avoid requiring the system priviledge, 
which is a huge actual gain.

It does provide some false sense of security, but so does the user/root 
separation on single-user machines. (Esp. most Linux geeks have this 
false sense.) A malware program running under my user account already 
has access to my files - rooting the system doesn't gain much. 
Exceptions: network sniffing and special (and rare) solutions to protect 
certain files.

Powered by blists - more mailing lists