Re: [SC-L] how far we still need to go

[William L. Anderson]

BB, well yes I did gloss over the OS X admin and Unix "root" diffs.

And I agree that the install does create the first user as admin. That's a
problematic scenario.

Furthermore, I probably know too much, because I knew I wanted to create an
ordinary user acc't in addition to admin on my personal machine. And I know
enough to add the ordinary user to the "sudoer" list, so I can get admin
privileges when I want. This is definitely way too much work for someone who
just wants to use the computer.

But I still expect developers to know the difference and build their apps so
that ordinary folk can install them. But, then ordinary folk need to know the
difference between admin and ordinary. ... Uh oh, I'm getting a headache.

Thanks for the clarification.

-Bill

Blue Boar wrote:
> William L. Anderson wrote:
>> I am flabbergasted. When I first encountered Unix in 1983 I was taught that 
>> you
>> always run as an ordinary user, and only use admin (root) privileges when
>> needed. If OS X developers are running as admin, and building and testing 
>> their
>> products as admin, well ... I'm still in shock. And I weep for the species.
> 
> Are you confusing the Mac specifics? "Admin" on OS X is not the same as
> root. Members of the Admin group can elevate privs to do things as the
> equivalent of root, and the Admin group can write to /Applications. The
> app in question could improve, of course, but the fact the Admin has so
> much power and that the first user you create is a member of that group
> is the fault of OS X.
> 
> (At least, that's the way it worked not too long ago, Apple does seem to
> occasionally fix these things over time.)
> 
>   BB
> 


smime.p7s
Description: S/MIME Cryptographic Signature
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
___

Re: [SC-L] how far we still need to go

[Dinis Cruz]

It's a simple economics problem. The moment these companies and developers
lose sales (or market share) because their products require admin / root
privileges to run, is the moment they start to REALLY support it.

And the reason why there isn't such REAL demand (with the exception of crazy
security dudes like us and the poor unlucky guys who actually GOT attacked)
is because the attackers are not exploiting the fact that these apps need
admin / root.

And if the attackers are not exploiting it, the customers are not losing
money, and if the customers are not losing money they will not demand more
secure systems.

So its good news, we are still safe, since the Risk is quite low :)

Btw, at OWASP we are trying to organize an OWASP Day to coincide with the
Global Security Week. See http://www.owasp.org/index.php/OWASP_Day for more
details and please feel free to get involved :)

Dinis Cruz
Chief OWASP Evangelist
http://www.owasp.org


On 7/25/07, William L. Anderson <[EMAIL PROTECTED]> wrote:


I was trying out a new web service that permits sharing files from the
desktop
to others online. It does seem a bit dodgy, but I was curious about how it
worked.

Well after a few attempts to install it on a Mac OS X system I finally
dope out
that it only seems to install and run as admin. That is, I not only need
to
install it as admin (that's OK, ordinary users can't write to the
/Applications
area), but I need to run it as admin.

After a few e-mails to the developers I get the following response:

"the only other thing that I can suggest is to install it (and run it) in
an
admin account. Starting from scratch. I'll have to log it as an issue that
non-admin users can't install it (I've honestly never created a non-admin
account on OS X and I guess no one else here has either because we didn't
think
of it!)"

I am flabbergasted. When I first encountered Unix in 1983 I was taught
that you
always run as an ordinary user, and only use admin (root) privileges when
needed. If OS X developers are running as admin, and building and testing
their
products as admin, well ... I'm still in shock. And I weep for the
species.

-Bill Anderson
http://praxis101.com/blog/

___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc -
http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
___






--
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
___

Re: [SC-L] how far we still need to go

[Blue Boar]

William L. Anderson wrote:
> I am flabbergasted. When I first encountered Unix in 1983 I was taught that 
> you
> always run as an ordinary user, and only use admin (root) privileges when
> needed. If OS X developers are running as admin, and building and testing 
> their
> products as admin, well ... I'm still in shock. And I weep for the species.

Are you confusing the Mac specifics? "Admin" on OS X is not the same as
root. Members of the Admin group can elevate privs to do things as the
equivalent of root, and the Admin group can write to /Applications. The
app in question could improve, of course, but the fact the Admin has so
much power and that the first user you create is a member of that group
is the fault of OS X.

(At least, that's the way it worked not too long ago, Apple does seem to
occasionally fix these things over time.)

BB
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
___

Re: [SC-L] how far we still need to go

[Kenneth Van Wyk]

On Jul 25, 2007, at 9:36 AM, William L. Anderson wrote:
Well after a few attempts to install it on a Mac OS X system I  
finally dope out
that it only seems to install and run as admin. That is, I not only  
need to
install it as admin (that's OK, ordinary users can't write to the / 
Applications

area), but I need to run it as admin.


Maddening, isn't it?  I maintain that this is a software issue,  
insofar as how the software is bolted into its operating  
environment.  Many disagree with that point of view, which I can  
accept, but I believe that to pass this off to the "ops guys" is a  
bad practice that borders on negligence.  Even for those who disagree  
with me, I still would argue that it's largely under the control of  
the developer to be able to bolt the code into a safe operating  
environment -- that promotes the principle of least privilege  
effectively.


One of my customers uses -- and hence, so do I -- VPN software and a  
software one-time token ("SoftToken") that requires the SoftToken.app  
software to have read/write access to its folder under /Applications  
on OS X.  The presumption was that it would always be run as root.   
Well, I've gone out of my way to run my desktop OS X user without  
privs, which broke SoftToken (it would generate the same token EVERY  
time it was invoked).  I still wouldn't accept running it as root,  
however, and was able to circumvent the problem by only giving my  
desktop user read/write to the one data file that SoftToken needed to  
write to.  Still not as good as designing it properly in the first  
place, but it was an acceptable compromise for me to be able to do  
what I need to do.  FWIW...


Cheers,

Ken
-
Kenneth R. van Wyk
SC-L Moderator
KRvW Associates, LLC
http://www.KRvW.com






smime.p7s
Description: S/MIME cryptographic signature
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
___

Re: [SC-L] how far we still need to go

[Steven M. Christey]

On Wed, 25 Jul 2007, William L. Anderson wrote:

> I am flabbergasted. When I first encountered Unix in 1983 I was taught
> that you always run as an ordinary user, and only use admin (root)
> privileges when needed. If OS X developers are running as admin, and
> building and testing their products as admin, well ... I'm still in
> shock. And I weep for the species.

Unfortunately, there's not much of a surprise here.  The same problem
exists for lots of Windows-based applications.  I regard it as a leftover
from the fact that these OSes were not designed to be multi-user, but the
threat landscape has changed such that multiple users (or at least
multiple roles for the same user?) are necessary.  This will take a bit of
time before it registers with the everyday computer user or developer of
these mono-user systems.

- Steve
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
___

[SC-L] how far we still need to go

[William L. Anderson]

I was trying out a new web service that permits sharing files from the desktop
to others online. It does seem a bit dodgy, but I was curious about how it 
worked.

Well after a few attempts to install it on a Mac OS X system I finally dope out
that it only seems to install and run as admin. That is, I not only need to
install it as admin (that's OK, ordinary users can't write to the /Applications
area), but I need to run it as admin.

After a few e-mails to the developers I get the following response:

"the only other thing that I can suggest is to install it (and run it) in an
admin account. Starting from scratch. I'll have to log it as an issue that
non-admin users can't install it (I've honestly never created a non-admin
account on OS X and I guess no one else here has either because we didn't think
of it!)"

I am flabbergasted. When I first encountered Unix in 1983 I was taught that you
always run as an ordinary user, and only use admin (root) privileges when
needed. If OS X developers are running as admin, and building and testing their
products as admin, well ... I'm still in shock. And I weep for the species.

-Bill Anderson
http://praxis101.com/blog/


smime.p7s
Description: S/MIME Cryptographic Signature
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
___