Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Possible security hole?

S

SC68Cal

macrumors 68000
Original poster
Feb 23, 2006
1,642
0
I might have found at least, an itsy bitsy hole.

Normally a user without administrator privs. cannot add items to the /Applications directory without the authenticating with an Admin account. However, in terminal, someone can invoke rm <folder> into /applications without having to authenticate.
 
I can also rm -R something in /Applications with my normal user account. However, I can also copy to applications with my normal user account just fine. Permissions are the same for me.
 
Meaning you don't need to authenticate to add programs to /Applications via Finder as a standard user?
 
SC68Cal said:
I might have found at least, an itsy bitsy hole.

Normally a user without administrator privs. cannot add items to the /Applications directory without the authenticating with an Admin account. However, in terminal, someone can invoke rm <folder> into /applications without having to authenticate.
Click to expand...

report it to Apple. See what they say.
 
i think it depend on what your privilage is... im not sure

also, i think u can add small simple drag into app folder apps... if not to the root app folder, at least to user app folder...
 
If you think you have found something iffy. Dont post it on a forum, keep it quiet and tell Apple. :rolleyes:
 
Okay. I've tried to replicate what I did last night with just a normal folder. I was given a permission denied error.

I'm going to retrace what exactly allowed me to move the program "John The Ripper" into the Applications folder from my Standard Account.

Currently, the permissions for the John folder

Owner = Standard Account
Access = R & W

Group = Admin
Access = R & W

Others = No Access

I'm beginning to wonder if that since I compiled John with my admin account, that is what allowed it to be moved.
 
ROFLOL... I love the "its not a hole.. its a feature"... lol.. if it were MS it would be all over the news...

D
 
ddekker said:
ROFLOL... I love the "its not a hole.. its a feature"... lol.. if it were MS it would be all over the news...

D
Click to expand...

Who the heck has made this comment? Honestly.

The OP even reported that he has some admin privileges on the account, and the other posters suggested reporting it to Apple.

Sheesh :rolleyes:
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back