William L. Anderson wrote: > I am flabbergasted. When I first encountered Unix in 1983 I was taught that > you > always run as an ordinary user, and only use admin (root) privileges when > needed. If OS X developers are running as admin, and building and testing > their > products as admin, well ... I'm still in shock. And I weep for the species.
Are you confusing the Mac specifics? "Admin" on OS X is not the same as root. Members of the Admin group can elevate privs to do things as the equivalent of root, and the Admin group can write to /Applications. The app in question could improve, of course, but the fact the Admin has so much power and that the first user you create is a member of that group is the fault of OS X. (At least, that's the way it worked not too long ago, Apple does seem to occasionally fix these things over time.) BB _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________