OSX - trojan apps can bypass authentication controls and gain root privilages

[stcanard]

What about repairing disk permissions? Will this undo these changes? You could add this to your daily script... right?

Only if they used the apple installer to install (and thus a BOM file was created).

If it's an application bundle you just dragged over, repair permissions won't do anything with it.

Adding it to a daily script is not a bad idea, though, so that you don't have to think about it. If you're going to do something like that, though, do what I did and create a /Applications/Local directory so your stuff is isolated. Makes backups easier too

 

[diehldun]

Fire Wall... stops Trojans???

Does the standard Fire-Wall that comes on MacOS 10.3 protect my baby from Trojans?

I don't want to get a virus.

 

[wrldwzrd89]

Does the standard Fire-Wall that comes on MacOS 10.3 protect my baby from Trojans?

I don't want to get a virus.

There's a post on page 2 of this thread that answers this question. To rephrase: only education can stop trojan horses. A trojan horse is simply a program that isn't what you think it is and usually does something malicious. Unlike viruses and worms, trojan horses do not replicate.

 

[stcanard]

Unlike viruses and worms, trojan horses do not replicate.

That just left me thinking -- when was the last time you heard of a true virus in the wild?

Almost everything these days is a worm, actively seeking out other computers to infect them, or a trojan trying to trick people into running them.

When was the last time you heard of an actual virus that attached itself to another program to propogate?

 

[wrldwzrd89]

That just left me thinking -- when was the last time you heard of a true virus in the wild?

Almost everything these days is a worm, actively seeking out other computers to infect them, or a trojan trying to trick people into running them.

When was the last time you heard of an actual virus that attached itself to another program to propogate?

The most recent true virus that I can find was discovered on December 1, 2004.

 

[stcanard]

The most recent true virus that I can find was discovered on December 1, 2004.

Wow, people still use floppies? ('A' drive).

I can't remember the last time I touched a floppy, even predating my days with a Mac.

 

[wrldwzrd89]

Wow, people still use floppies? ('A' drive).

I can't remember the last time I touched a floppy, even predating my days with a Mac.

I didn't look at the virus listing. I don't use floppies either, even when they're available. This trend started for me when Apple released the original iMac.

 

[ChrisBrightwell]

Wow, people still use floppies?

We use them at work for boot disks. That's about it.

Everything else is on CD-R(OM) and thumbdrives.

 

[stcanard]

I didn't look at the virus listing. I don't use floppies either, even when they're available. This trend started for me when Apple released the original iMac.

That wasn't a dig at you (or the virus), it was just shock that there were still enough 'A' drives around that someone would bother to write a virus like that!

 

[savar]

It's still not a virus, but thanks for playing.

AppleMatt

This is actually a very interesting exploit. I had no idea that sudo has a system-wide grace period...I thought it was per-TTY (as the poster suggests it should be).

It certainly is an excellent vehicle for launching a virus. Yes, you do have to run or install the virus, but that's why the OP refers to a Trojan Horse. A trojan is a program you run by accident because it masquerades as a legitimate program. In fact, trojans can be legitimate programs which have been re-engineered to install a virus. Write a background app which waits for this sudo exploit and use a trojan to launch it initially.

Sudo isn't used for authentication in the GUI, so most users are safe I would think. But I do use the command line all the time to manipulate data for projects I'm working on. I would hate to innocently use sudo and allow a virus to run.

All you naysayers shouldn't play this down. Just because nobody writes viruses for Mac OS X yet doesn't mean they won't. I'm sure someday a windows cracker will write a mac virus just to shut up all those people who say macs don't have viruses. Yes, we do have a very secure platform that protects even boneheaded users but it is NOT BULLETPROOF!!

I hope Apple responds...this is not a minor hole.