10.6.3 Permissions Security

Discussion in 'macOS' started by AzureCloud, Apr 7, 2010.

  1. AzureCloud macrumors member

    Joined:
    Jun 20, 2009
    #1
    On 10.6.2, I noticed that in the Get Info window, permissions for a file could be changed without having to "unlock" the operation with the administrator password. This was not the case in Leopard, which required the admin password before permissions could be changed through the Get Info window.

    I found this to be concerning from a security standpoint. I had hoped that 10.6.3 would fix the issue, but it still appears to be a problem. I've noticed this on three different machines, two with clean installs of 10.6 and one with an upgrade from 10.5. Does anyone else notice this issue? Am I right in assuming that this is a security issue? The ability for permissions to be changed for any file directly from the Finder's Get Info window without even an admin password seems to be rather insecure to me.
     
  2. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #2
    What file/folder were you doing the Get Info on? It matters as you don't need permission to change permissions in your own home directory.
     
  3. calderone macrumors 68040

    calderone

    Joined:
    Aug 28, 2009
    Location:
    Seattle
    #3
    Angelwatt is correct. You are not required to unlock for an item that you own.
     
  4. scottintosh macrumors member

    Joined:
    Jun 15, 2008
    #4
    My snow leo install does that same as described above. Its weird because there is a closed lock in the lower right corner of the Get Info window, don't know what it is "locking".
     
  5. calderone macrumors 68040

    calderone

    Joined:
    Aug 28, 2009
    Location:
    Seattle
  6. AzureCloud thread starter macrumors member

    Joined:
    Jun 20, 2009
    #6
    Angelwatt and Calderone,

    Now that you mention it, it is only for files that I own that I am able to change permissions. Although, in 10.5, I still had to enter a password to change permissions even on files I owned. Was the behavior in 10.5 actually a bug that was fixed in 10.6? I ask because my computer came with the Leopard drop in disc, so I don't have much experience with OS X outside of 10.5 and 10.6.
     
  7. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #7
    I checked on my 10.5 machine and it is different from 10.6. In 10.5 you needed to unlock before changing permissions, including your own files. I guess Apple felt that was overkill. Now, in 10.6, you only need to unlock in order to use the options in the gear menu near the lock icon (for your own files). For files/folders outside your home directory it requires unlocking first before allowing you to change permissions. Though, this is potentially due to me running in a standard account, but it's probably that way for the admin account too. I don't see it as a security concern though.
     
  8. AzureCloud thread starter macrumors member

    Joined:
    Jun 20, 2009
    #8
    As long as it isn't a potential security issue, then it doesn't really bother me. I do run an admin account (not the best idea for ultimate security, right?), and the behavior is the same as you describe for your machine. I usually don't have a reason to go messing around with permissions; it was just something I happened to notice one day. Although, I do wonder if Apple meant for this change from 10.5 to occur or if it is a bug that has been overlooked...
     

Share This Page