BEWARE: 10.3.9 breaks standard Unix functionality

Discussion in 'macOS' started by Bear, Apr 15, 2005.

  1. Bear macrumors G3

    Joined:
    Jul 23, 2002
    Location:
    Sol III - Terra
    #1
    From the 10.3.9 announcement email I just received, Apple removed some standard Unix functionality because it is a security threat:
    However, some shops may have written scripts that depend on that functionality being there.

    What third party applications may have been broken because of this? What places that use Mac servers are not going to be able to update to 10.3.9 without issues because of this?

    I know I had a few scripts set up that way.
     
  2. MisterMe macrumors G4

    Joined:
    Jul 17, 2002
    Location:
    USA
    #2
    If the flaws found in MacOS X (Darwin) also exist in other implementations of BSD, then the fixes to the flaws will also propagate to other implementations of BSD. This means that scripts that depend on these flawed functions will have to be changed irrespective of BSD implementation.
     
  3. Bear thread starter macrumors G3

    Joined:
    Jul 23, 2002
    Location:
    Sol III - Terra
    #3
    Actually, I don't think I was stating whether it was a good or a bad fix. I was pointing it out so people didn't get bitten by it.

    And it's not just BSD, every flavor of Unix (including Linux) has (had?) the SUID/SGID functionality. There are a lot of scripts in use that depend on this. And you know something, Unix has had this functionality for like forever and it hasn't been a big issue.
     
  4. Westside guy macrumors 601

    Joined:
    Oct 15, 2003
    Location:
    The soggy side of the Pacific NW
    #4
    Yes, and it's often been the source of privilege escalation attacks. There was a well-known Perl suid issue about four years ago, and there were Apache suexec issues (a similar sort of thing) prior to that. I'm pretty sure Red Hat, and likely most other Linux vendors, now disables suid-like capabilities by default - you can always manually enable them if you need them.
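
Added example, not part of the original thread: a shell function an administrator could run before updating to list interpreter scripts that carry the SUID or SGID bit, the kind of scripts the posters say depend on this functionality. The function name `find_suid_scripts` and its output format are assumptions of this example.

```shell
#!/bin/sh
# Added example: inventory scripts (files starting with "#!") that have the
# set-user-ID or set-group-ID bit set, so they can be reviewed or replaced
# before an update that stops honoring those bits on scripts.

# find_suid_scripts DIR...
# Prints one line per match: "<flags> <path>", where <flags> is
# "suid", "sgid" or "suid,sgid". Compiled SUID/SGID binaries are skipped.
# Assumption: file names do not contain newlines.
find_suid_scripts() {
    # -xdev    : do not cross into other mounted filesystems
    # -type f  : regular files only
    # -perm -4000 / -perm -2000 : setuid / setgid bit is set
    find "$@" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r f; do
        # An interpreter script begins with the two bytes "#!".
        magic=$(head -c 2 "$f" 2>/dev/null)
        [ "$magic" = "#!" ] || continue

        flags=""
        [ -u "$f" ] && flags="suid"
        [ -g "$f" ] && flags="${flags:+$flags,}sgid"

        printf '%s %s\n' "$flags" "$f"
    done
}

# Typical use (paths are examples): find_suid_scripts /usr/local /Library
```

Each reported script is a candidate for a small compiled wrapper or a `sudo` rule instead of relying on the mode bits.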
     
