Possible security hole?

Discussion in 'macOS' started by SC68Cal, Oct 17, 2006.

Most Liked Posts
  1. SC68Cal, Oct 17, 2006

    SC68Cal macrumors 68000

    Joined:
    Feb 23, 2006
    #1
    I might have found at least, an itsy bitsy hole.

    Normally a user without administrator privs. cannot add items to the /Applications directory without the authenticating with an Admin account. However, in terminal, someone can invoke rm <folder> into /applications without having to authenticate.
     
    share
    + Quote Reply
  2. glib, Oct 17, 2006

    glib macrumors member

    Joined:
    Mar 7, 2006
    #2
    I can also rm -R something in /Applications with my normal user account. However, I can also copy to applications with my normal user account just fine. Permissions are the same for me.
     
    share
    + Quote Reply
  3. SC68Cal, Oct 17, 2006

    SC68Cal thread starter macrumors 68000

    Joined:
    Feb 23, 2006
    #3
    Meaning you don't need to authenticate to add programs to /Applications via Finder as a standard user?
     
    share
    + Quote Reply
  4. beatsme, Oct 18, 2006

    beatsme macrumors 65816

    beatsme

    Joined:
    Oct 6, 2005
    #4
    report it to Apple. See what they say.
     
    share
    + Quote Reply
  5. bearbo, Oct 18, 2006

    bearbo macrumors 68000

    bearbo

    Joined:
    Jul 20, 2006
    #5
    i think it depend on what your privilage is... im not sure

    also, i think u can add small simple drag into app folder apps... if not to the root app folder, at least to user app folder...
     
    share
    + Quote Reply
  6. MacBoobsPro, Oct 18, 2006

    MacBoobsPro macrumors 603

    MacBoobsPro

    Joined:
    Jan 10, 2006
    #6
    If you think you have found something iffy. Dont post it on a forum, keep it quiet and tell Apple. :rolleyes:
     
    share
    + Quote Reply
  7. scottlinux, Oct 18, 2006

    scottlinux macrumors 6502a

    scottlinux

    Joined:
    Sep 21, 2005
    #7
    This is not a security hole. These are standard permissions in OS X.
     
    share
    + Quote Reply
  8. SC68Cal, Oct 18, 2006

    SC68Cal thread starter macrumors 68000

    Joined:
    Feb 23, 2006
    #8
    Okay. I've tried to replicate what I did last night with just a normal folder. I was given a permission denied error.

    I'm going to retrace what exactly allowed me to move the program "John The Ripper" into the Applications folder from my Standard Account.

    Currently, the permissions for the John folder

    Owner = Standard Account
    Access = R & W

    Group = Admin
    Access = R & W

    Others = No Access

    I'm beginning to wonder if that since I compiled John with my admin account, that is what allowed it to be moved.
     
    share
    + Quote Reply
  9. ddekker, Oct 18, 2006

    ddekker macrumors regular

    Joined:
    Sep 23, 2006
    Location:
    Michigan
    #9
    ROFLOL... I love the "its not a hole.. its a feature"... lol.. if it were MS it would be all over the news...

    D
     
    share
    + Quote Reply
  10. gauchogolfer, Oct 18, 2006

    gauchogolfer macrumors 603

    gauchogolfer

    Joined:
    Jan 28, 2005
    Location:
    American Riviera
    #10
    Who the heck has made this comment? Honestly.

    The OP even reported that he has some admin privileges on the account, and the other posters suggested reporting it to Apple.

    Sheesh :rolleyes:
     
    share
    + Quote Reply
(You must log in or sign up to post here.)

Share This Page