On Tue, 26 Jun 2001, kangoo wrote: > Permissions of /Users/yourname/Desktop which show your desktop is > xrwxrwxrwx, allowing every user to read/write on your own Desktop folder. > > Fix: chmod 755 or chmod 750 /Users/yourname/Desktop > > Apple have been warned long ago and as of 10.0.4 it is stil not fixed. I've just looked into the root of a machine we have here. Not an upgrade from OS 9. Started with install off the release cd, and now 10.0.4 is installed. Seems the following have write access by any user, by default. drwxrwxrwx 21 root wheel 670 Jun 19 10:06 Applications (Mac OS 9) -rwxrwxrwx 1 root wheel 942080 Jun 26 11:03 Desktop DB -rwxrwxrwx 1 root wheel 2831842 Jun 26 09:17 Desktop DF drwxrwxrwx 3 root staff 58 Jun 29 21:51 Desktop Folder drwxrwxrwx 11 root wheel 330 May 29 10:33 Documents -rwxrwxrwx 1 root wheel 0 May 30 13:33 Late Breaking News drwxrwxrwx 49 root wheel 1622 Jun 28 14:29 System Folder drwxrwxrwx 3 xxxxxx admin 264 Jun 28 14:40 Temporary Items drwxrwxrwx 2 root wheel 264 May 28 12:30 TheFindByContentFolder drwxrwxrwx 4 root wheel 264 May 7 10:12 TheVolumeSettingsFolder drwxrwxrwx 2 root wheel 264 Jun 28 14:29 Trash -rwxrwxrwx 1 root wheel 547356672 Jun 28 14:26 VM Storage xxxxx is currently logged in. "VM Storage" is an interesting one. Running strings on it gets about 500 outputs of "ISP_Guard_Page", so I assume there's some sort of protection scheme happening there. I don't see what's stopping trojans being installed in Applications, considering it's writable to all and sundry. -- Until I loved, life had no beauty; I did not know I lived until I had loved. (Theodor Korner)
This archive was generated by hypermail 2b30 : Fri Jun 29 2001 - 14:32:45 PDT