Possible security hole?

Discussion in 'macOS' started by SC68Cal, Oct 17, 2006.

  1. SC68Cal macrumors 68000

    Feb 23, 2006
    I might have found, at least, an itsy bitsy hole.

    Normally a user without administrator privs. cannot add items to the /Applications directory without authenticating with an Admin account. However, in Terminal, someone can invoke rm <folder> into /applications without having to authenticate.
  2. glib macrumors member

    Mar 7, 2006
    I can also rm -R something in /Applications with my normal user account. However, I can also copy to applications with my normal user account just fine. Permissions are the same for me.
  3. SC68Cal thread starter macrumors 68000

    Feb 23, 2006
    Meaning you don't need to authenticate to add programs to /Applications via Finder as a standard user?
  4. beatsme macrumors 65816


    Oct 6, 2005
    Report it to Apple. See what they say.
  5. bearbo macrumors 68000


    Jul 20, 2006
    I think it depends on what your privilege is... I'm not sure.

    Also, I think you can add small, simple drag-into-app-folder apps... if not to the root app folder, at least to the user app folder...
  6. MacBoobsPro macrumors 603


    Jan 10, 2006
    If you think you have found something iffy, don't post it on a forum; keep it quiet and tell Apple. :rolleyes:
  7. scottlinux macrumors 6502a


    Sep 21, 2005
    This is not a security hole. These are standard permissions in OS X.
  8. SC68Cal thread starter macrumors 68000

    Feb 23, 2006
    Okay. I've tried to replicate what I did last night with just a normal folder. I was given a permission denied error.

    I'm going to retrace what exactly allowed me to move the program "John The Ripper" into the Applications folder from my Standard Account.

    Currently, the permissions for the John folder:

    Owner = Standard Account
    Access = R & W

    Group = Admin
    Access = R & W

    Others = No Access

    I'm beginning to wonder if, since I compiled John with my admin account, that is what allowed it to be moved.
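
Added example, not written by any poster in this thread: a sketch of the standard POSIX rule that adding or removing an entry is decided by the mode, owner and group of the containing directory rather than by the item being moved or deleted. The uid/gid numbers and the `SHARED_DIR`/`STICKY_DIR` samples are constructed assumptions, and ACLs and file flags are ignored.

```python
import os
import stat

def applicable_bits(d, uid, gids):
    """Pick the single rwx triplet POSIX applies: owner, else group, else other."""
    if uid == d["uid"]:
        return (d["mode"] >> 6) & 0o7
    if d["gid"] in gids:
        return (d["mode"] >> 3) & 0o7
    return d["mode"] & 0o7

def can_add_entry(d, uid, gids):
    """Creating or moving something into a directory needs write + search on it."""
    return uid == 0 or (applicable_bits(d, uid, gids) & 0o3) == 0o3

def can_remove_entry(d, entry_uid, uid, gids):
    """rm/mv of an entry is decided by the parent directory, not by the entry's
    own mode. With the sticky bit set, only the entry owner or the directory
    owner (or root) may remove it."""
    if uid == 0:
        return True
    if not can_add_entry(d, uid, gids):
        return False
    if d["mode"] & stat.S_ISVTX:
        return uid in (entry_uid, d["uid"])
    return True

def describe(path):
    """Build the same dict from a real directory, e.g. describe('/Applications')."""
    st = os.stat(path)
    return {"mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid, "gid": st.st_gid}

# Constructed sample values (assumptions, not read from any real system):
# a directory owned by uid 0, group 80, mode rwxrwxr-x.
SHARED_DIR = {"mode": 0o775, "uid": 0, "gid": 80}
STICKY_DIR = dict(SHARED_DIR, mode=0o1775)
STANDARD = (502, {20})        # uid, groups: not in group 80
IN_GROUP = (501, {20, 80})    # uid, groups: member of group 80

if __name__ == "__main__":
    for name, (uid, gids) in (("standard", STANDARD), ("in-group", IN_GROUP)):
        print(name, "add:", can_add_entry(SHARED_DIR, uid, gids),
              "remove root-owned entry:", can_remove_entry(SHARED_DIR, 0, uid, gids),
              "same with sticky bit:", can_remove_entry(STICKY_DIR, 0, uid, gids))
```

To audit a real machine, pass `describe(path)` together with the uid and group ids reported by `id` for the account in question.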
  9. ddekker macrumors regular

    Sep 23, 2006
    ROFLOL... I love the "it's not a hole... it's a feature"... lol... if it were MS it would be all over the news...

  10. gauchogolfer macrumors 603


    Jan 28, 2005
    American Riviera
    Who the heck has made this comment? Honestly.

    The OP even reported that he has some admin privileges on the account, and the other posters suggested reporting it to Apple.

    Sheesh :rolleyes:
