On Mon, Aug 13, 2012 at 5:41 PM, Richard Miles <[email protected]> wrote: > - Calls a file with a suid file without full path?
No. > - Allows to create a symbolic link inside > /Applications/Viscosity.app/Contents/Resources/ with the name of > ViscosityHelper? No. > > BTW, this file > /Applications/Viscosity.app/Contents/Resources/ViscosityHelper doesn't exist > by default? Yes, it does exist. When you run Viscosity for the first time, it makes that file SUID. > Also, are the permission at the folder > /Applications/Viscosity.app/Contents/Resources/ week enough to allows anyone > to write on it? I don't know. It doesn't matter for this exploit. > Sorry for dumb question, but what is the real issue here? The SUID binary will execute python code from the directory of the executable, linked, symlinked, or otherwise. Take a look at the exploit. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
