Kee, Yeah I understand this and your previous post,
it was a good review of the issues.
However, the perl list is a development list and as developers it is
well... interesting.
What I was trying to point out is the
following points:
1. The fault here seems to be the implementation of the Recent Items
Menu.
-Recent Items opens apps as root user automatically if a setuid app
is on the top of the window z-order. -- a serious fault.
-Dock does not.
-Recent Items opens apps as root user if a spp which has been opened
by a sudo invocation is on top of the Z-order list.
-Dock does not.
--therefore I disagree... the problem *is* the Apple menu's way of
launching and dealing with forks as you originally suggested. Net Info
manager is not launching anything, Neither is BBEdit at that moment,
though they might want to consider something about the implementation of
the invocation of Terminal.app for running Perl Scripts and the
Debugger. opens as root when terminal is closed. runs as current user
if terminal is already open. Anyway, this is one example where one app
does launch another.
2. forget about launching from the terminal temporarily, Various sudo
invoking Gui applications are in existence that will produce the effects
described above.
these are a "help" to the user who has admin privileges but has some
reason to feel comfortable with a gui app to do the job. Frankly I was
just picking on BBEdit because it is was something to launch which I
felt "would be safer" to launch as root.
--if I start with a blank desktop... open one app by sudo, then open
another from the recent items, and keep doing that...potentially, it is
the same as if I had logged in as root and was running potentially
damaging stuff. (except the finder)
3. Apple was originally reluctant to provide the Apple menu... then it
"suddenly appeared". Apparently, lot's less thought into that than the
Dock and the rest of the UI.
4. I work in my own office behind locked doors I have forgotten what
people look like, but some of these machines are shared by a number of
users and some offices don't give users the root password just allow
them to sudo, etc., etc.
you know the situations....
The question is:
should we be able to get permanent root access by invoking the default
shell as in my
previous example?
>> [devlin:~] jim% sudo -s
>> Password:
>> [devlin:~] root#
this equals infinite sudo with
SUDO_COMMAND=/bin/tcsh
SUDO_USER=jim
SUDO_UID=501
SUDO_GID=20
added to my original environment
I have two different passwords for my admin account and root user.
5. I can think of some way to exploit this with a executable applescript
that Explorer could launch from a web_page. more is best left unsaid.
Jim
On Friday, October 19, 2001, at 01:07 AM, Kee Hinckley wrote:
>
> We're off the Perl topic here (is there a better list for discussing
> this stuff?)
>
--plenty of smart people here...
however there must be a related discussion at macosx-admin (Omni)
> Two issues.
>
> 1. Is it possible to create a global contextual menu item that
> invokes an application? Would it have the same security issues?
>
--If my theory about pulling permissions from the app that owns the
window at the top of the stack are true, no difference.
> 2. Frankly the process for giving a GUI application root access makes
> me very nervous. When I run "sudo" it asks for my password (if it
> hasn't recently). I know that I'm running the sudo program and that
> I'm giving the sudo program my password, and that it is then running
> this third-party app I got. In the GUI though, I'm giving the third
> party app my password--what is *it* doing with it? I have no way of
> knowing, I just have to trust it. This can (and almost certainly
> will) be a vector for stealing passwords in the future. I don't like
> that model at all. I'd rather run a trusted program first. Either
> that or Apple needs to come up with a way of performing some in that
> dialog box that only the system can perform, so that I know I'm not
> looking at a forged password stealer.
--agreed
--also sudo does not time out while you are using the gui app.
>
> - --
>
> Kee Hinckley - Somewhere.Com, LLC
> http://consulting.somewhere.com/
> [EMAIL PROTECTED] (or ...!alice!nazgul for time travelers :-)
>
> I'm not sure which upsets me more: that people are so unwilling to
> accept
> responsibility for their own actions, or that they are so eager to
> regulate
> everyone else's.
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Personal Security 7.0.3
>
> iQA/AwUBO88CFSZsPfdw+r2CEQJqfwCdH8VTKNLUYV70px3qzegI8JhxupcAoKW9
> LEcobXB0fBi/hDtxiKt2JxMF
> =yglv
> -----END PGP SIGNATURE-----
>
>
---------------------------------------------------------------------------
reply directly to:
Jim Cooper
mailto:[EMAIL PROTECTED]
iMedia, Ltd.
Tokyo http://www.ai-media.co.jp
---------------------------------------------------------------------------
