10.6.3 Permissions Security

AzureCloud

macrumors member
Original poster
Jun 20, 2009
51
0
On 10.6.2, I noticed that in the Get Info window, permissions for a file could be changed without having to "unlock" the operation with the administrator password. This was not the case in Leopard, which required the admin password before permissions could be changed through the Get Info window.

I found this to be concerning from a security standpoint. I had hoped that 10.6.3 would fix the issue, but it still appears to be a problem. I've noticed this on three different machines, two with clean installs of 10.6 and one with an upgrade from 10.5. Does anyone else notice this issue? Am I right in assuming that this is a security issue? The ability for permissions to be changed for any file directly from the Finder's Get Info window without even an admin password seems to be rather insecure to me.
 

angelwatt

Moderator emeritus
Aug 16, 2005
7,857
7
USA
What file/folder were you doing the Get Info on? It matters as you don't need permission to change permissions in your own home directory.
 

scottintosh

macrumors member
Jun 15, 2008
74
0
My snow leo install does that same as described above. Its weird because there is a closed lock in the lower right corner of the Get Info window, don't know what it is "locking".
 

AzureCloud

macrumors member
Original poster
Jun 20, 2009
51
0
Angelwatt and Calderone,

Now that you mention it, it is only for files that I own that I am able to change permissions. Although, in 10.5, I still had to enter a password to change permissions even on files I owned. Was the behavior in 10.5 actually a bug that was fixed in 10.6? I ask because my computer came with the Leopard drop in disc, so I don't have much experience with OS X outside of 10.5 and 10.6.
 

angelwatt

Moderator emeritus
Aug 16, 2005
7,857
7
USA
I checked on my 10.5 machine and it is different from 10.6. In 10.5 you needed to unlock before changing permissions, including your own files. I guess Apple felt that was overkill. Now, in 10.6, you only need to unlock in order to use the options in the gear menu near the lock icon (for your own files). For files/folders outside your home directory it requires unlocking first before allowing you to change permissions. Though, this is potentially due to me running in a standard account, but it's probably that way for the admin account too. I don't see it as a security concern though.
 

AzureCloud

macrumors member
Original poster
Jun 20, 2009
51
0
I checked on my 10.5 machine and it is different from 10.6. In 10.5 you needed to unlock before changing permissions, including your own files. I guess Apple felt that was overkill. Now, in 10.6, you only need to unlock in order to use the options in the gear menu near the lock icon (for your own files). For files/folders outside your home directory it requires unlocking first before allowing you to change permissions. Though, this is potentially due to me running in a standard account, but it's probably that way for the admin account too. I don't see it as a security concern though.
As long as it isn't a potential security issue, then it doesn't really bother me. I do run an admin account (not the best idea for ultimate security, right?), and the behavior is the same as you describe for your machine. I usually don't have a reason to go messing around with permissions; it was just something I happened to notice one day. Although, I do wonder if Apple meant for this change from 10.5 to occur or if it is a bug that has been overlooked...