Re: Mac OS X setuid root security hole

From: Chris Adams (chrisat_private)
Date: Wed Oct 17 2001 - 14:00:33 PDT

Next message: Adonis.No.Spam: "Attension acrobat PDF makers, Acrobat PDF protection is not that Secure"

Previous message: Bob Niederman: "NON-Secure Credit card info transfer from time.com/pathfinder.com"
In reply to: rotaiv: "Mac OS X setuid root security hole"
Next in thread: Ken Schweigert: "Re: Mac OS X setuid root security hole"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wednesday, October 17, 2001, at 09:53 , rotaiv wrote:
> I can't recall if I have seen this on BugTraq so forgive me if this is 
> an old issue.
>
> Try these steps on an OS X machine (not logged in as root)
>
>  - Open up the terminal application
>  - Quit the terminal application
>  - Open up NetInfo Manager (leave it in the foreground)
>  - Open up the Terminal application form the "Recent Items" list in the 
> Apple Menu.
>
> You should now be logged in as root!

This also affects items in the Services menu (want a root text editor?), 
which suggests
the entire menu handler runs as the effective userid.

Chris

Next message: Adonis.No.Spam: "Attension acrobat PDF makers, Acrobat PDF protection is not that Secure"
Previous message: Bob Niederman: "NON-Secure Credit card info transfer from time.com/pathfinder.com"
In reply to: rotaiv: "Mac OS X setuid root security hole"
Next in thread: Ken Schweigert: "Re: Mac OS X setuid root security hole"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Oct 17 2001 - 14:24:28 PDT