Securing OSX - some tips from the Linux side

Discussion in 'macOS' started by whooleytoo, Mar 21, 2006.

  1. whooleytoo macrumors 603

    whooleytoo

    Joined:
    Aug 2, 2002
    Location:
    Cork, Ireland.
    #1
    Sudo vs Root


    An interesting article on how to make OSX more secure than the default installation (largely by making it more difficult for admin users to log in as root).
     
  2. idea_hamster macrumors 65816

    idea_hamster

    Joined:
    Jul 11, 2003
    Location:
    NYC, or thereabouts
    #2
    That's really interesting -- it goes to show just how limited my knowledge is, since I thought that the whole system of leaving root disabled was top-notch.

    Also, the author mentioned "privilege escalation." I've heard that there are escalation security holes in OSX before. Does anyone know how these work?

    (BTW, I'm not asking for a hacking tutorial here in a public forum. But rather an explanation of how such an attack works. :) )
     
  3. gekko513 macrumors 603

    gekko513

    Joined:
    Oct 16, 2003
    #3
    Privilege escalation techniques can work in a number of ways.

    Using or fooling some launcher daemon into running som code for you with higher privileges than the user you're logged in as for is one method. For instance, registering a program with 'at' on Windows will make the program start with system level privileges.

    Sometimes a system procedure has race conditions that can be exploited. For instance, a system request may at some point open a pipe or other insecure method of communicating with another process. Sometimes it is possible to grab that pipe before the communication is established properly and use that to do something with higher privileges that usual.

    Buffer overflows or other low-level vulnerabilities in system utility programs can sometimes also be exploited to elevate privileges.

    Privilege escalation vulnerabilities are so common that every OS out there has several new vulnerabilities of this kind discovered every year.
     
  4. thestaton macrumors 6502

    Joined:
    Jan 19, 2006
    #4
    if one goes this route - would you still be able to update the os, install / run apps without a hitch?

    thanks
     
  5. whooleytoo thread starter macrumors 603

    whooleytoo

    Joined:
    Aug 2, 2002
    Location:
    Cork, Ireland.
    #5
    I don't see why not - as long as you're in the admin group or you have the username & password of a user in that group.

    (Then again, I haven't tried out these tips yet either!)
     
  6. idea_hamster macrumors 65816

    idea_hamster

    Joined:
    Jul 11, 2003
    Location:
    NYC, or thereabouts
    #6
    Wow. That's kind of amazing in a cool/terrifying way.

    I guess this means that to think I'm safe, I have to (i) password protect my screensaver, (ii) log out more than I do, (iii) get rid of that convenient "Guest" account that I set up with "controls" on what the guest can do, and (iv) really keep an eye on who sits at the keyboard.

    At least I don't have to worry all that much about remote no-account arbitrary code execution. Or do I?? :eek:
     

Share This Page