On Tue, 26 Jun 2001, kangoo wrote:
> Permissions of /Users/yourname/Desktop which show your desktop is
> xrwxrwxrwx, allowing every user to read/write on your own Desktop folder.
>
> Fix: chmod 755 or chmod 750 /Users/yourname/Desktop
>
> Apple have been warned long ago and as of 10.0.4 it is stil not fixed.
I've just looked into the root of a machine we have here. Not an upgrade
from OS 9. Started with install off the release cd, and now 10.0.4 is
installed. Seems the following have write access by any user, by default.
drwxrwxrwx 21 root wheel 670 Jun 19 10:06 Applications (Mac OS 9)
-rwxrwxrwx 1 root wheel 942080 Jun 26 11:03 Desktop DB
-rwxrwxrwx 1 root wheel 2831842 Jun 26 09:17 Desktop DF
drwxrwxrwx 3 root staff 58 Jun 29 21:51 Desktop Folder
drwxrwxrwx 11 root wheel 330 May 29 10:33 Documents
-rwxrwxrwx 1 root wheel 0 May 30 13:33 Late Breaking News
drwxrwxrwx 49 root wheel 1622 Jun 28 14:29 System Folder
drwxrwxrwx 3 xxxxxx admin 264 Jun 28 14:40 Temporary Items
drwxrwxrwx 2 root wheel 264 May 28 12:30 TheFindByContentFolder
drwxrwxrwx 4 root wheel 264 May 7 10:12 TheVolumeSettingsFolder
drwxrwxrwx 2 root wheel 264 Jun 28 14:29 Trash
-rwxrwxrwx 1 root wheel 547356672 Jun 28 14:26 VM Storage
xxxxx is currently logged in. "VM Storage" is an interesting one. Running
strings on it gets about 500 outputs of "ISP_Guard_Page", so I assume
there's some sort of protection scheme happening there. I don't see what's
stopping trojans being installed in Applications, considering it's
writable to all and sundry.
--
Until I loved, life had no beauty;
I did not know I lived until I had loved. (Theodor Korner)