At 1:23 PM -0400 10/17/01, [EMAIL PROTECTED] wrote: > First off, you shouldn't have ANYTHING out there that's SUID root except >carefully placed apps.
umm, I suspect that merlyn knows that. Mac OS X ships with a number of SUID applications. >Secondly, in order to run the NetInfo manager, you usually have to >authenticate by clicking on that lock icon. Not true; in order to change things in NetInfo Manager, you have to authenticate. Any user can launch NetInfo Manager, though, and because it is SUID, it runs as root. >Once you do that, I guess your permissions "stick" for an >unspecified amount of time... ... having nothing to do with this security issue. --Sandy, who is waiting for someone to report that they have turned this local exploit into a remote exploit by installing vnc server on a Mac OS X box. :-( > > Terminal.app should definately NOT be SUID or SGID. >On Tuesday, October 16, 2001, at 10:03 PM, Randal L. Schwartz wrote: >> >> Try these steps on an OS X machine (not logged in as root) >> >> >> Open up the Terminal.app >> Quit it. >> Open up NetInfo Manager (leave it in the foreground) >> Open up Terminal.app from the *RECENT ITEMS* list in the Apple Menu. >> >> Voila! a terminal logged in as root. >> >> >> This apparently is the case with all setuid root applications... Not >> good....
