On Wednesday, October 17, 2001, at 04:35  PM, Greg Bossert wrote:

> and i can attest that at SGI a lot of work went into tightening the OS 
> up as shipped, and in providing scripts to help the admin further 
> secure the machine.  however, that only goes so far; security of the 
> local configuration is a local administration issue.  the default 
> installed configuration of MacOS X seems to me to be quite reasonable, 
> security-wise, relative to UNIX distribution norms.

   The default config and common usage case should be safe, but I 
disagree that OS X has reasonable out-of-the-box local security.

   The network defaults are fairly good, but I'm sure there are plenty of 
local exploits in Mac OS X.

   As an example, let's pick on the admin group.

   By default you set up an account which is in the admin group.  The 
root directory of the filesystem is writeable by group admin, as are 
/Applications and /Library and other things.  Having a group which 
defines the set of users who are allowed to do admin things is fine if 
they have to re-authenticate before doing such things (e.g. what sudo 
does).  But having open-ended access like this means that it's easy to 
write trojan software (e.g. a macro virus, or an innocent looking app) 
and expect that when a user runs it, you get full access to the machine, 
given that the typical user will use the account created after install, 
which is in the admin group.  The whole admin group business is very 
sloppy in Mac OS X.

   /Volumes, where all volumes are mounted, is world-writeable.  Bet you 
can wreak some havoc there if you were clever.

        -Fred
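A quick permission audit for the directories Fred describes, added here as an example and not code from the thread: it flags system directories that are writable by group or by everyone. The sample listing is constructed to match the defaults he lists (group admin on /, /Applications, /Library; world-writable /Volumes); `live_audit` applies the same check to a real filesystem.

```sh
#!/bin/sh
# Audit: flag directories whose mode grants write access to the group or
# to everyone. Mode strings are the 10-char field from `ls -ld`.

# classify_mode MODE -> prints "world-writable", "group-writable" or "ok"
classify_mode() {
    mode="$1"
    # d rwx rwx rwx : char 6 is the group write bit, char 9 the other write bit
    group_w=$(printf '%s' "$mode" | cut -c6)
    other_w=$(printf '%s' "$mode" | cut -c9)
    if [ "$other_w" = "w" ]; then
        echo world-writable
    elif [ "$group_w" = "w" ]; then
        echo group-writable
    else
        echo ok
    fi
}

# audit_listing: reads "MODE OWNER GROUP PATH" lines on stdin, prints one
# finding per offending path, returns 1 if anything was flagged (cron-friendly)
audit_listing() {
    found=0
    while read -r mode owner group path; do
        [ -z "$mode" ] && continue
        verdict=$(classify_mode "$mode")
        [ "$verdict" = "ok" ] && continue
        echo "$path $verdict (owner $owner, group $group)"
        found=1
    done
    return $found
}

# Constructed sample listing (assumption: mirrors the Mac OS X defaults
# described in the message; not captured from a real machine)
SAMPLE='drwxrwxr-x root admin /
drwxrwxr-x root admin /Applications
drwxrwxr-x root admin /Library
drwxrwxrwt root wheel /Volumes
drwxr-xr-x root wheel /System
drwxr-xr-x root wheel /usr'

audit_sample() {
    printf '%s\n' "$SAMPLE" | audit_listing
}

# live_audit PATH... : run the same check against the real filesystem,
# e.g.  live_audit / /Applications /Library /Volumes
live_audit() {
    for p in "$@"; do
        [ -d "$p" ] && ls -ld "$p" | awk '{print $1, $3, $4, $NF}'
    done | audit_listing
}
```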
