1. Welcome to the new MacRumors forums. See our announcement and read our FAQ

unix permissions

Discussion in 'Mac Programming' started by sk3pt1c, Dec 26, 2005.

  1. macrumors 6502a

    sk3pt1c

    #1
    i'm thinking of changin group and others permissions with chmod for all my files to none,so no viruses and spyware can access or at least damage them
    will that cause conflicts with programs and will it really do what i want it to do?
     
  2. macrumors 68030

    superbovine

    #2
    yes and no
     
  3. jhu
    macrumors 6502a

    jhu

    #3
    mostly no. if you inadvertantly run a virus, the virus will run with your permissions and still be able to do whatever you are able with your permission level.
     
  4. macrumors 68000

    #4
    Viruses and Spyware... you're funny, y'know that?
     
  5. macrumors 603

    jeremy.king

    #5
    Might as well delete all your files, then viruses will never get to them. No need to change permissions.
     
  6. macrumors 6502a

    sk3pt1c

    #6
    sorry greatdevourer, i didn't get that
    would you mind explaining yourself?
     
  7. Moderator

    yellow

    Staff Member

    #7
    There's no viruses for OS X. None. Zip. Zilch.

    Chances are quite high that changing your permissions thusly will cause more annoyances than save you from non-existant viruses.

    Don't bother.
     
  8. macrumors 601

    zimv20

    #8
    the unix permissions exist in order to provide/deny access to other users and groups (and programs, which belong to some system user, human or not). any malevolent program is going to run either as yourself, in which case it will have unlimited access to your files, or as a root process, which has the same effect.
     
  9. macrumors 6502a

    sk3pt1c

    #9
    cool
    ok thanks guys
    i bet there are viruses for X as well as for everything else though
    thanks for the info
    happy new year
     
  10. macrumors 68000

    #10
    Nope. People have tried. There have been contests with money (sometimes paltry, but sometimes a lot more). As for "everything else", there are 9 for the entire history of Linux, one of which doesn't count (a true "anti-virus" - it exploited a hole, then once inside, it patched that hole :p)
     
  11. macrumors 65816

    topgunn

    #11
    I love the open-source community.
     
  12. Moderator

    yellow

    Staff Member

    #12
    You would loose that bet.
     
  13. macrumors newbie

    #13
    + dont forget that most network scripts rely heavely on groups, and some will grant access to something with no group to everyone!
     
  14. macrumors 6502a

    sk3pt1c

    #14
    ok,thanks guys

    i guess only time will tell :)
     
  15. Moderator

    yellow

    Staff Member

    #15
    Yup.. (nearly) 5 years and waiting..
     
  16. jhu
    macrumors 6502a

    jhu

    #16
    security requires continual vigilance
     
  17. Moderator

    yellow

    Staff Member

    #17
    That's not a virus.

    And if by vigilance, you mean, not being a moron, then yes.. security requires continual(ly) not being a moron.
     
  18. jhu
    macrumors 6502a

    jhu

    #18
    alright, well about an actual exploit then?

    people say how windows has more viruses than other operating systems. i suspect this has as much to do with market share as being against "the man."
     
  19. macrumors 6502a

    #19
    The linked page describes a Malware script that collects a bunch of information and opens up services on an OS X box. The script also installs itself as a startup item. However, it is not a virus. This script needs to be explicitly run by an admin user, and surprise, surprise, an admin user can turn on services and collect data from the machine.

    The ability to turn on services and obtain data from the machine does not indicate a security hole or anything that implies the potential for a virus. It does mean that an admin user has full access to the machine. This is intended otherwise there would be no way to, say, turn on services.

    This is just another reason why you should never run untrusted code (and never trust any random code you find on the internet). It is also a good reason why experts recommend that average users should not use an admin account as their day to day account. Rather they should set up two accounts an admin account and a regular user account. For day to day use they should only log into the user account and only use the admin account (or the admin username and password) for installation and other activies.

    Here is a script that will cause actual damage on your system (but it also is not a virus... it also needs to be run by an admin user):
    Code:
    #/bin/sh
    # Do not run this script as it will destory your OS X installation!!!!
    /usr/bin/sudo /bin/rm -rf /
    
    Warning to all reading this: running the above script on your OS X box will wipe your installation. This would be bad for you. :)

    While we are on the subject, here is a nasty piece of C code that if run will prevent you from starting any programs and eventually will consume all your memory:

    Code:
    #include <stdio.h>
    #include <stdlib.h>
    
    main() {
        while(1) {
           fork();
           malloc(1000);
        }
    }
    
    I would also advise you not to run this code. However, the two statements in this code that causes these problems (malloc and fork) are exactly the same statements used by the finder whenever you run an application. Without these program commands it would be impossible to start a new application and it would be impossible for an application to load data.

    The point is that for an Operating System to function you need certain powerful functions to be available. These functions can be used for good or evil, but they are not in and of themselves security holes. However, once a virus has gotten onto a system via a security hole it will almost certainly be using these powerful functions to do its darstardly deeds. :)
     
  20. macrumors 6502a

    Randall

    #20
    Once there is enough people using OS X, a virus will be made. There have been viruses for Linux, although only a handful. And there have been viruses for other UNIX based systems as well. Don't think because it hasen't happend yet that it will never happen. That's just stupid logic with no basis. The Automator would be a nice gateway to propigate a virus, belive me. There are plenty of jerks out there that want to be famous, and once one virus is written, pandoras box is open.
     
  21. macrumors 6502a

    Randall

    #21
    Well you don't have to be a "moron" to screw up. You don't have to be l33t to know what you're doing either, but everybody makes mistakes.
     
  22. macrumors 68020

    yippy

    #22

    Also, if you saw the bottom of that article, the "hole" was fixed in the next version of iTunes so is no longer a factor.
     
  23. macrumors 6502a

    Randall

    #23
    A Computer Virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents.

    Ok so it's technically not a virus, since it needs somebody with admin to physically execute, but it is damn close to being one.


    Also, a fork bomb is not a virus. Although they suck bigtime. :p While we're at it, never type this in the Terminal either:
    Code:
    :(){ :|:& };:
    Same effect as C code = The system is hosed.
     
  24. macrumors 68000

    #24
    Ooo, wow... an exploit... go to osvdb.org and search for "mac". Trust me, you'll find hundreds, thousands even. Big. *****. Deal. They're all patched.

    Don't take that attitude. Enough people do use OSX and enough people know it exists. As said before, people have tried again and again, yet nothing happens. Trust me, if you make one, you will be very famous within the security community, even now.
     
  25. Moderator

    yellow

    Staff Member

    #25
    I don't want to beat this dead horse again. There's a multitude of reasons there are no viruses for Macs. I won't innumerate them here..
     

Share This Page