On Fri, Jun 29, 2001 at 10:14:23PM +1000, Peter Tonoli wrote:
> I've just looked into the root of a machine we have here. Not an upgrade
> from OS 9. Started with install off the release cd, and now 10.0.4 is
> installed. Seems the following have write access by any user, by default.
>
> drwxrwxrwx 21 root wheel 670 Jun 19 10:06 Applications (Mac OS 9)
> -rwxrwxrwx 1 root wheel 942080 Jun 26 11:03 Desktop DB
> -rwxrwxrwx 1 root wheel 2831842 Jun 26 09:17 Desktop DF
> drwxrwxrwx 3 root staff 58 Jun 29 21:51 Desktop Folder
> drwxrwxrwx 11 root wheel 330 May 29 10:33 Documents
> -rwxrwxrwx 1 root wheel 0 May 30 13:33 Late Breaking News
> drwxrwxrwx 49 root wheel 1622 Jun 28 14:29 System Folder
> drwxrwxrwx 3 xxxxxx admin 264 Jun 28 14:40 Temporary Items
> drwxrwxrwx 2 root wheel 264 May 28 12:30 TheFindByContentFolder
> drwxrwxrwx 4 root wheel 264 May 7 10:12 TheVolumeSettingsFolder
> drwxrwxrwx 2 root wheel 264 Jun 28 14:29 Trash
> -rwxrwxrwx 1 root wheel 547356672 Jun 28 14:26 VM Storage
All files and directories created by MacOS will have 0777 permissions
on the OSX side.
> xxxxx is currently logged in. "VM Storage" is an interesting one. Running
> strings on it gets about 500 outputs of "ISP_Guard_Page", so I assume
> there's some sort of protection scheme happening there. I don't see what's
> stopping trojans being installed in Applications, considering it's
> writable to all and sundry.
the VM Storage file is the MacOS (not OSX) swapfile, i think everyone
knows the implications of world readable (much less writable) swap files.
--
Ethan Benson
http://www.alaska.net/~erbenson/
PGP signature
