Re: [SC-L] how far we still need to go
BB, well yes I did gloss over the OS X admin and Unix "root" diffs. And I agree that the install does create the first user as admin. That's a problematic scenario.

Furthermore, I probably know too much, because I knew I wanted to create an ordinary user acc't in addition to admin on my personal machine. And I know enough to add the ordinary user to the "sudoer" list, so I can get admin privileges when I want. This is definitely way too much work for someone who just wants to use the computer.

But I still expect developers to know the difference and build their apps so that ordinary folk can install them. But, then ordinary folk need to know the difference between admin and ordinary. ... Uh oh, I'm getting a headache.

Thanks for the clarification.

-Bill

Blue Boar wrote:
> William L. Anderson wrote:
>> I am flabbergasted. When I first encountered Unix in 1983 I was taught that you
>> always run as an ordinary user, and only use admin (root) privileges when
>> needed. If OS X developers are running as admin, and building and testing their
>> products as admin, well ... I'm still in shock. And I weep for the species.
>
> Are you confusing the Mac specifics? "Admin" on OS X is not the same as
> root. Members of the Admin group can elevate privs to do things as the
> equivalent of root, and the Admin group can write to /Applications. The
> app in question could improve, of course, but the fact the Admin has so
> much power and that the first user you create is a member of that group
> is the fault of OS X.
>
> (At least, that's the way it worked not too long ago, Apple does seem to
> occasionally fix these things over time.)
>
> BB

___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
___

Re: [SC-L] how far we still need to go
It's a simple economics problem.

The moment these companies and developers lose sales (or market share) because their products require admin / root privileges to run, is the moment they start to REALLY support it.

And the reason why there isn't such REAL demand (with the exception of crazy security dudes like us and the poor unlucky guys who actually GOT attacked) is because the attackers are not exploiting the fact that these apps need admin / root. And if the attackers are not exploiting it, the customers are not losing money, and if the customers are not losing money they will not demand more secure systems.

So it's good news, we are still safe, since the Risk is quite low :)

Btw, at OWASP we are trying to organize an OWASP Day to coincide with the Global Security Week. See http://www.owasp.org/index.php/OWASP_Day for more details and please feel free to get involved :)

Dinis Cruz
Chief OWASP Evangelist
http://www.owasp.org

On 7/25/07, William L. Anderson <[EMAIL PROTECTED]> wrote:
> I was trying out a new web service that permits sharing files from the
> desktop to others online. It does seem a bit dodgy, but I was curious about
> how it worked.
>
> Well after a few attempts to install it on a Mac OS X system I finally dope
> out that it only seems to install and run as admin. That is, I not only need
> to install it as admin (that's OK, ordinary users can't write to the
> /Applications area), but I need to run it as admin.
>
> After a few e-mails to the developers I get the following response:
>
> "the only other thing that I can suggest is to install it (and run it) in an
> admin account. Starting from scratch. I'll have to log it as an issue that
> non-admin users can't install it (I've honestly never created a non-admin
> account on OS X and I guess no one else here has either because we didn't
> think of it!)"
>
> I am flabbergasted. When I first encountered Unix in 1983 I was taught that
> you always run as an ordinary user, and only use admin (root) privileges when
> needed. If OS X developers are running as admin, and building and testing
> their products as admin, well ... I'm still in shock. And I weep for the
> species.
>
> -Bill Anderson
> http://praxis101.com/blog/

Re: [SC-L] how far we still need to go
William L. Anderson wrote:
> I am flabbergasted. When I first encountered Unix in 1983 I was taught that you
> always run as an ordinary user, and only use admin (root) privileges when
> needed. If OS X developers are running as admin, and building and testing their
> products as admin, well ... I'm still in shock. And I weep for the species.

Are you confusing the Mac specifics? "Admin" on OS X is not the same as root. Members of the Admin group can elevate privs to do things as the equivalent of root, and the Admin group can write to /Applications. The app in question could improve, of course, but the fact the Admin has so much power and that the first user you create is a member of that group is the fault of OS X.

(At least, that's the way it worked not too long ago, Apple does seem to occasionally fix these things over time.)

BB

Re: [SC-L] how far we still need to go
On Jul 25, 2007, at 9:36 AM, William L. Anderson wrote:
> Well after a few attempts to install it on a Mac OS X system I finally dope
> out that it only seems to install and run as admin. That is, I not only need
> to install it as admin (that's OK, ordinary users can't write to the
> /Applications area), but I need to run it as admin.

Maddening, isn't it? I maintain that this is a software issue, insofar as how the software is bolted into its operating environment. Many disagree with that point of view, which I can accept, but I believe that to pass this off to the "ops guys" is a bad practice that borders on negligence. Even for those who disagree with me, I still would argue that it's largely under the control of the developer to be able to bolt the code into a safe operating environment -- that promotes the principle of least privilege effectively.

One of my customers uses -- and hence, so do I -- VPN software and a software one-time token ("SoftToken") that requires the SoftToken.app software to have read/write access to its folder under /Applications on OS X. The presumption was that it would always be run as root. Well, I've gone out of my way to run my desktop OS X user without privs, which broke SoftToken (it would generate the same token EVERY time it was invoked). I still wouldn't accept running it as root, however, and was able to circumvent the problem by only giving my desktop user read/write to the one data file that SoftToken needed to write to. Still not as good as designing it properly in the first place, but it was an acceptable compromise for me to be able to do what I need to do.

FWIW...

Cheers,

Ken

- Kenneth R. van Wyk
SC-L Moderator
KRvW Associates, LLC
http://www.KRvW.com

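The single-file grant described in the message above only preserves least privilege if nothing else in the application folder became writable along the way. An added example, not part of the original thread: a POSIX shell check run over a constructed folder. It assumes the grant was made with mode bits rather than ACLs, and `Example.app` and `state.dat` are hypothetical names, since the post does not name the file.

```shell
#!/bin/sh
# Added example. Assumes the grant was made with mode bits (chmod), not ACLs.
# Example.app and state.dat are hypothetical names.

# List every path under $1 that group or other may write to.
# Only POSIX find options are used, so BSD find on OS X accepts them.
# Symlinks are skipped because their own mode bits are not meaningful.
list_non_owner_writable() {
    find "$1" \( -perm -0020 -o -perm -0002 \) ! -type l -print | sort
}

# Succeed only if the sole non-owner-writable path under $1 is the file $2.
# Any other hit is reported: a writable directory is as bad as a writable
# binary, because its entries can be renamed and replaced.
check_single_grant() {
    found=$(list_non_owner_writable "$1")
    if [ "$found" = "$2" ]; then
        return 0
    fi
    echo "unexpected non-owner-writable paths under $1:" >&2
    printf '%s\n' "$found" | grep -v -x -F -- "$2" >&2 || true
    return 1
}

# Constructed demo tree; prints "0 1" (narrow grant passes, broad one fails).
demo() {
    tmp=$(mktemp -d "${TMPDIR:-/tmp}/appaudit.XXXXXX")
    app="$tmp/Example.app"
    mkdir -p "$app/Contents"
    echo bin > "$app/Contents/tool"
    echo state > "$app/Contents/state.dat"
    chmod -R go-w "$app"
    chmod o+rw "$app/Contents/state.dat"      # the single-file grant
    if check_single_grant "$app" "$app/Contents/state.dat"; then narrow=0; else narrow=1; fi
    chmod o+w "$app/Contents"                 # an over-broad grant
    if check_single_grant "$app" "$app/Contents/state.dat" 2>/dev/null; then broad=0; else broad=1; fi
    rm -rf "$tmp"
    echo "$narrow $broad"
}

demo
```
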
Re: [SC-L] how far we still need to go
On Wed, 25 Jul 2007, William L. Anderson wrote:
> I am flabbergasted. When I first encountered Unix in 1983 I was taught
> that you always run as an ordinary user, and only use admin (root)
> privileges when needed. If OS X developers are running as admin, and
> building and testing their products as admin, well ... I'm still in
> shock. And I weep for the species.

Unfortunately, there's not much of a surprise here. The same problem exists for lots of Windows-based applications. I regard it as a leftover from the fact that these OSes were not designed to be multi-user, but the threat landscape has changed such that multiple users (or at least multiple roles for the same user?) are necessary. This will take a bit of time before it registers with the everyday computer user or developer of these mono-user systems.

- Steve

[SC-L] how far we still need to go
I was trying out a new web service that permits sharing files from the desktop to others online. It does seem a bit dodgy, but I was curious about how it worked.

Well after a few attempts to install it on a Mac OS X system I finally dope out that it only seems to install and run as admin. That is, I not only need to install it as admin (that's OK, ordinary users can't write to the /Applications area), but I need to run it as admin.

After a few e-mails to the developers I get the following response:

"the only other thing that I can suggest is to install it (and run it) in an admin account. Starting from scratch. I'll have to log it as an issue that non-admin users can't install it (I've honestly never created a non-admin account on OS X and I guess no one else here has either because we didn't think of it!)"

I am flabbergasted. When I first encountered Unix in 1983 I was taught that you always run as an ordinary user, and only use admin (root) privileges when needed. If OS X developers are running as admin, and building and testing their products as admin, well ... I'm still in shock. And I weep for the species.

-Bill Anderson
http://praxis101.com/blog/