Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > Software - Troubleshooting and Discussion > macOS > January: Month of Apple Bugs

January: Month of Apple Bugs
Thread Tools
TETENAL
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Status: Offline
Reply With Quote
Dec 21, 2006, 04:59 AM
 
Coming in January: "Month of Apple Bugs" - Security Fix

January 2007 will be the "Month of Apple Bugs" where every day a OS X security issue will be published. In the short term this project will decrease security for the average Mac user one of the organizers said (I guess until Apple patches all 31 bugs).

"Right now, many OS X users still think their system is bulletproof, and some people are interested on making it look that way," LMH said.
Typical smug Mac user attitude.
     
Chuckit
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status: Offline
Reply With Quote
Dec 21, 2006, 05:17 AM
 
I eagerly look forward to seeing what they come up with. Hopefully it's less made-up than that Airport hack that was supposed to destroy Mac users' smugness.
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
     
Macola
Mac Elite
Join Date: Mar 2001
Location: Madison, WI
Status: Offline
Reply With Quote
Dec 21, 2006, 11:15 AM
 
If someone decided to do Windows bugs, it would probably take just a day, as opposed to an entire month.
I do not like those green links and spam.
I do not like them, Sam I am.
     
TETENAL  (op)
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Status: Offline
Reply With Quote
Dec 21, 2006, 02:25 PM
 
I'm pretty sure Windows has still more than one bug.
     
Macola
Mac Elite
Join Date: Mar 2001
Location: Madison, WI
Status: Offline
Reply With Quote
Dec 21, 2006, 06:44 PM
 
Originally Posted by TETENAL View Post
I'm pretty sure Windows has still more than one bug.
That was my point. You could find the same number of bugs in Windows in one day that you would take a month to find in OS X.
I do not like those green links and spam.
I do not like them, Sam I am.
     
::maroma::
Addicted to MacNN
Join Date: Jan 2002
Location: PDX
Status: Offline
Reply With Quote
Dec 21, 2006, 07:27 PM
 
Oh noez! The big lie has been uncovered! Mac OS X has bugs! What ever will we do??

This dude is lame.
     
- - e r i k - -
Posting Junkie
Join Date: May 2001
Location: Brisbane, Australia
Status: Offline
Reply With Quote
Dec 21, 2006, 08:04 PM
 
Who ever thinks Mac OS X is bulletproof?

This guy is widely discredited as one who cares less about actual security and more about grabbing attention for himself by his sensationalistic practices.

[ fb ] [ flickr ] [] [scl] [ last ] [ plaxo ]
     
imitchellg5
Posting Junkie
Join Date: Jan 2006
Location: Colorado
Status: Offline
Reply With Quote
Dec 21, 2006, 08:17 PM
 
What? My Mac isn't pefect???!!? I'm taking them back!
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Reply With Quote
Dec 24, 2006, 11:58 PM
 
That dude is such a lame ass. WTF ?

Why not just bash Macs outright. Loser.

-t
     
frdmfghtr
Senior User
Join Date: Nov 2005
Status: Offline
Reply With Quote
Dec 25, 2006, 01:23 AM
 
Originally Posted by - - e r i k - - View Post
Who ever thinks Mac OS X is bulletproof?

This guy is widely discredited as one who cares less about actual security and more about grabbing attention for himself by his sensationalistic practices.
Agreed. What good can come from revealing bugs without notifying Apple first and giving the OS X engineers time to analyze the bug and fix it?

Answer: None. If you are interested in getting the bugs fixed, you report them as soon as you have sufficient details on what causes them and under what conditions. You don't "threaten" to make bugs public knowledge on a timetable; this helps nobody except those who would exploit those bugs. Posting one per day? That's just an attempt to get people to visit the web page repeatedly, boosting ad revenue. (I can't confirm this one, since I'm unwilling to go to the website and boost the visit count.)

It's just an attention grab, plain and simple. The ONLY way you will convince me otherwise is if the bugs posted are bugs known to Apple for longer than, say, three months. And even then, the bugs have to be critical in nature, allowing systems to be compromised with no user interaction.
     
Hal Itosis
Grizzled Veteran
Join Date: Mar 2004
Status: Offline
Reply With Quote
Dec 26, 2006, 01:17 PM
 
Originally Posted by frdmfghtr View Post
What good can come from revealing bugs without notifying Apple first and giving the OS X engineers time to analyze the bug and fix it?
Where is your proof that notification has not already been given?
Have you read every bug report submitted to Apple or something?
-HI-
     
CharlesS
Posting Junkie
Join Date: Dec 2000
Status: Offline
Reply With Quote
Dec 26, 2006, 03:26 PM
 
Did you read the article?

"To the chagrin of some security experts, however, LMH declined to give affected vendors advance noticed before posting evidence of kernel bugs on his Web site last month. Eleven of those kernel bugs were related to Apple software and applications, including a serious security hole that prompted a software update from Apple just two weeks later. As with the kernel bugs project, Apple will be given no advance notice with the Month of Apple bugs, LMH said in an interview conducted over instant message."

Ticking sound coming from a .pkg package? Don't let the .bom go off! Inspect it first with Pacifist. Macworld - five mice!
     
Big Mac
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status: Offline
Reply With Quote
Dec 26, 2006, 04:34 PM
 
If this guy's finding serious OS X bugs in his spare time that highly paid Apple engineers either cannot or will not find themselves, Apple should definitely try to hire him.

"The natural progress of things is for liberty to yield and government to gain ground." TJ
     
Hal Itosis
Grizzled Veteran
Join Date: Mar 2004
Status: Offline
Reply With Quote
Dec 27, 2006, 07:23 PM
 
Originally Posted by CharlesS View Post
Did you read the article?

"To the chagrin of some security experts, however, LMH declined to give affected vendors advance noticed before posting evidence of kernel bugs on his Web site last month. Eleven of those kernel bugs were related to Apple software and applications, including a serious security hole that prompted a software update from Apple just two weeks later. As with the kernel bugs project, Apple will be given no advance notice with the Month of Apple bugs, LMH said in an interview conducted over instant message."
Hm, okay then. (Isn't that "hearsay" evidence though? Or maybe he's fibbing!)

NEVERMIND

Interesting nonetheless... I looked at the http://kernelfun.blogspot.com/ page
and don't see a single advertisement. So whatever the motivation, I don't think
it's about "generating clicks" as some have said. I think many are overreacting.
I'd guess by March this will all just be a memory, and MacOSX will be secured.

Cheers.
-HI-
     
Horsepoo!!!
Banned
Join Date: Jun 2003
Status: Offline
Reply With Quote
Dec 28, 2006, 11:26 AM
 
Originally Posted by Big Mac View Post
If this guy's finding serious OS X bugs in his spare time that highly paid Apple engineers either cannot or will not find themselves, Apple should definitely try to hire him.
Personally, because the guy is such an ass about the whole thing, I think Apple should fix the bugs (if they truly are bugs or security problems), not give him credit and not pay him a dime.
     
TheoCryst
Mac Elite
Join Date: Nov 2005
Location: Seattle, WA, USA
Status: Offline
Reply With Quote
Dec 28, 2006, 12:54 PM
 
Yeah, I'd heard about this guy. If he really gave a damn about security, he'd quietly submit the bug reports to Apple instead of making them available to the public en masse. Not to mention the fact that for he has 31 bugs to release means that he's been stockpiling them for some time now.

Jack@$$.

Any ramblings are entirely my own, and do not represent those of my employers, coworkers, friends, or species
     
Gossamer
Professional Poster
Join Date: Jun 2006
Location: "Working"
Status: Offline
Reply With Quote
Dec 28, 2006, 01:27 PM
 
Originally Posted by Macola View Post
If someone decided to do Windows bugs, it would probably take just a day, as opposed to an entire month.
Originally Posted by Macola View Post
That was my point. You could find the same number of bugs in Windows in one day that you would take a month to find in OS X.
No, he has 31 bugs in Mac OS X, and he's going to release one each day. He's not going to spend a month trying to find bugs.
     
mitchell_pgh
Posting Junkie
Join Date: Feb 2000
Location: Washington, DC
Status: Offline
Reply With Quote
Dec 28, 2006, 01:56 PM
 
Big deal...

1) Few people think OS X is "bulletproof"

2) Finding a security bug is only a big issue if it can be implemented remotely (no physical access to the system).
EDIT: I'm not saying it's not an issue, but I'm really not worried so much about hypothetical situations where someone could hack my system if I install a trojan.

I'm guessing that it's going to be a bunch of "See, because you can fake an icon, this could be a trojan and someone could XYZ" MAJOR SECURITY BREECH!!!
     
Hal Itosis
Grizzled Veteran
Join Date: Mar 2004
Status: Offline
Reply With Quote
Dec 28, 2006, 02:18 PM
 
Two (of many) possible viewpoints...

"Best-case" scenario
This LMH character does the responsible thing: he notifies Apple privately.
So what happened?... one guy submitted some reports to Apple.
QUESTION: when do those problems get fixed?
(Heck, I'll bet dollars to doughnuts that Apple already knows
about many of these bugs... without anyone telling them!!!)
ANSWER: whenever they get around to it.


"Worst-case" scenario
This LMH character goes ahead as planned: each day a new bug is published on the web.
So what happens?... the **world** learns about new bugs.
QUESTION: So, when does each problem get fixed?
ANSWER: I'll bet dollars to doughnuts that they'll move way **way** up on Apple's "to do" list.

--

Here is a comment someone made at the Washington Post article:
The smugness of all too many Mac users is relevant
because it gives Apple a motive not to pay as much
attention to security as it might - because many Mac
users will defend the company out of a misplaced
tribal loyalty rather than, as intelligent users would,
holding the company to account.
Maybe so, maybe not.

Everything isn't black or white... red state or blue state, etc.
There is a spectrum of colors and shades in anything complex.
I suspect this ill wind just might blow something good our way.

So, the sooner the better.
( Last edited by Hal Itosis; Dec 29, 2006 at 01:07 AM. )
-HI-
     
TETENAL  (op)
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Status: Offline
Reply With Quote
Jan 2, 2007, 11:51 AM
 
     
wingdo
Senior User
Join Date: Apr 2001
Location: Chicago, Earth
Status: Offline
Reply With Quote
Jan 2, 2007, 12:15 PM
 
Wasn't this hole already patched?
MBP - 2.33GHz C2D, 3GB RAM, 256MB VRAM, 160GB HD
PB - 1.5GHz G4, 2GB RAM, 128MB VRAM, 80GB HD
PM - Dual 1GHzG4, 1.5GB RAM, NVidia GForce 3, 2x 80 GB HD
     
CharlesS
Posting Junkie
Join Date: Dec 2000
Status: Offline
Reply With Quote
Jan 2, 2007, 03:46 PM
 
There's something for OS X Server that has to do with RTSP, but I didn't find any for OS X Client, so since this asshole can't report the bugs ahead of time to Apple so they can get patched in time, I've used More Internet to reroute the rtsp: protocol to the Chess application for the time being.

Ticking sound coming from a .pkg package? Don't let the .bom go off! Inspect it first with Pacifist. Macworld - five mice!
     
Hal Itosis
Grizzled Veteran
Join Date: Mar 2004
Status: Offline
Reply With Quote
Jan 2, 2007, 04:13 PM
 
Originally Posted by CharlesS View Post
There's something for OS X Server that has to do with RTSP, but I didn't find any for OS X Client, so since this asshole can't report the bugs ahead of time to Apple so they can get patched in time, I've used More Internet to reroute the rtsp: protocol to the Chess application for the time being.
Ever try RCDefaultApp?
It's more internet than 'More Internet'.
-HI-
     
Angus_D
Addicted to MacNN
Join Date: Mar 2000
Location: London, UK
Status: Offline
Reply With Quote
Jan 2, 2007, 05:55 PM
 
Originally Posted by Macola View Post
If someone decided to do Windows bugs, it would probably take just a day, as opposed to an entire month.
You, sir, are an idiot.
     
kick52
Baninated
Join Date: May 2005
Location: England
Status: Offline
Reply With Quote
Jan 2, 2007, 10:02 PM
 
     
Chuckit
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status: Offline
Reply With Quote
Jan 2, 2007, 10:26 PM
 
Wow, the second day and he's already reaching for Linux programs.
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
     
- - e r i k - -
Posting Junkie
Join Date: May 2001
Location: Brisbane, Australia
Status: Offline
Reply With Quote
Jan 3, 2007, 12:31 AM
 
Originally Posted by kick52 View Post
God, that was pathetic. I'd hope that Apple had more than one bug he could find at least.

[ fb ] [ flickr ] [] [scl] [ last ] [ plaxo ]
     
wingdo
Senior User
Join Date: Apr 2001
Location: Chicago, Earth
Status: Offline
Reply With Quote
Jan 3, 2007, 12:19 PM
 
Originally Posted by - - e r i k - - View Post
God, that was pathetic. I'd hope that Apple had more than one bug he could find at least.
Tomorrow he releases a bug found in IE 5.1 for Mac.
Friday will be an issue with System 6.0.7.

Bugs can be found with any freaking piece of software you throw on your computer.
MBP - 2.33GHz C2D, 3GB RAM, 256MB VRAM, 160GB HD
PB - 1.5GHz G4, 2GB RAM, 128MB VRAM, 80GB HD
PM - Dual 1GHzG4, 1.5GB RAM, NVidia GForce 3, 2x 80 GB HD
     
TETENAL  (op)
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Status: Offline
Reply With Quote
Jan 4, 2007, 05:01 AM
 
MOAB-03-01-2007: Apple Quicktime HREFTrack Cross-Zone Scripting vulnerability

Today it's about the QuickTime/MySpace issue. I thought that that was a problem with MySpace.
     
philm
Mac Elite
Join Date: May 2001
Location: Manchester, UK
Status: Offline
Reply With Quote
Jan 4, 2007, 08:15 AM
 
Well, this story is now on the front page of the BBC web site.
     
RedStar
Mac Enthusiast
Join Date: Feb 2002
Location: NY
Status: Offline
Reply With Quote
Jan 4, 2007, 01:31 PM
 
This is kind of funny:

Month of Apple Fixes:
Landon Fuller

This guy is patching each bug found on the original website.
     
chris v
Addicted to MacNN
Join Date: Jan 2001
Location: The Sar Chasm
Status: Offline
Reply With Quote
Jan 4, 2007, 02:42 PM
 
Originally Posted by kick52 View Post
4pple suxx0rz b-cause if you DL a program wit a bug, ur 4pple will have a bug!

WTF.

When a true genius appears in the world you may know him by this sign, that the dunces are all in confederacy against him. -- Jonathan Swift.
     
Axel
Mac Enthusiast
Join Date: Sep 2000
Location: France
Status: Offline
Reply With Quote
Jan 4, 2007, 05:29 PM
 
Originally Posted by - - e r i k - - View Post
God, that was pathetic. I'd hope that Apple had more than one bug he could find at least.
This is covered on the site's index page :
3. Are Apple products the only one target of this initiative?
Not at all, but they are the main focus. We'll be looking over popular OS X applications as well.
I think the guy's initiative is interesting.
     
wingdo
Senior User
Join Date: Apr 2001
Location: Chicago, Earth
Status: Offline
Reply With Quote
Jan 4, 2007, 06:40 PM
 
Originally Posted by Axel View Post
This is covered on the site's index page :

Quote:
3. Are Apple products the only one target of this initiative?
Not at all, but they are the main focus. We'll be looking over popular OS X applications as well.
I think the guy's initiative is interesting.
In the BBC article "LMH" says "that he expected Apple to respond and produce official fixes". This guy is lame. Apple is not going to "fix" VLC, it is not their product, it is open source. Apple is not going to resolve the MySpace issue, it is not their web site.
MBP - 2.33GHz C2D, 3GB RAM, 256MB VRAM, 160GB HD
PB - 1.5GHz G4, 2GB RAM, 128MB VRAM, 80GB HD
PM - Dual 1GHzG4, 1.5GB RAM, NVidia GForce 3, 2x 80 GB HD
     
Axel
Mac Enthusiast
Join Date: Sep 2000
Location: France
Status: Offline
Reply With Quote
Jan 4, 2007, 06:56 PM
 
Originally Posted by wingdo View Post
In the BBC article "LMH" says "that he expected Apple to respond and produce official fixes". This guy is lame. Apple is not going to "fix" VLC, it is not their product, it is open source. Apple is not going to resolve the MySpace issue, it is not their web site.
How does that contradict anything ? He expects Apple to fix the OSX bugs, of course he knows they won't intervene in the VLC development ! At least I hope he does.
FYI, he's only posted one third-party bug so far out of 4, maybe a bit early to point out his lameness.
Also, from what I understand, what you call the "MySpace bug" is actually a security hole in Apple Quicktime.
     
villalobos
Mac Elite
Join Date: Apr 2000
Status: Offline
Reply With Quote
Jan 4, 2007, 07:02 PM
 
Originally Posted by Axel View Post
How does that contradict anything ? He expects Apple to fix the OSX bugs, of course he knows they won't intervene in the VLC development ! At least I hope he does.
FYI, he's only posted one third-party bug so far out of 4, maybe a bit early to point out his lameness.
Also, from what I understand, what you call the "MySpace bug" is actually a security hole in Apple Quicktime.

People here are pretty defensive it seems. Apple can do no wrong it seems...
     
Chuckit
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status: Offline
Reply With Quote
Jan 4, 2007, 07:07 PM
 
Originally Posted by villalobos View Post
People here are pretty defensive it seems. Apple can do no wrong it seems...
Or this guy is a lame attention whore, it seems.
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
     
Axel
Mac Enthusiast
Join Date: Sep 2000
Location: France
Status: Offline
Reply With Quote
Jan 4, 2007, 07:17 PM
 
In that case people like you attacking him for listing some bugs are definitely helping his case !
Seriously, if someone did such a thing about any other platform, would you call him that ?!
As a programmer, I do enjoy reading his reports and fail to see the lameness. Plus it's bringing some results, as the VLC team brought a fix to their code hours after the report.
     
wingdo
Senior User
Join Date: Apr 2001
Location: Chicago, Earth
Status: Offline
Reply With Quote
Jan 4, 2007, 09:44 PM
 
Originally Posted by Axel View Post
FYI, he's only posted one third-party bug so far out of 4, maybe a bit early to point out his lameness.
Also, from what I understand, what you call the "MySpace bug" is actually a security hole in Apple Quicktime.
First, when I made my post only three bugs had been posted so at the time 1/3 of his bugs were non Apple bugs during the month of Apple bugs.

Second, I was incorrect in the MySpace bug blurb. I Googled MySpace Hack and got a bazillion results and nothing on the first three pages resulted in anything Apple related. Lots of hacks involving Flash. I should have investigated that further.

Third, I have nothing against security holes being brought into the light as that is how they get fixed. The iPhoto bug can be a major problem, not really sure what the code may be capable of doing, but I doubt it is good news.

Here are my issues with LHM and the MOAB.

First LMH says he has no vendetta against Apple. Fine, but it sure does seem that way. The very second bug he brings up is in an open source project that runs on just about any operating system. How is that an Apple bug? I also wonder why he has to post all the code and results for everyone to see. Seems to me that someone who really wanted to help make things more secure would not go out of his way to show every Tom, Dick and Harry out there how to quickly write something to affect Apple products.

As for his first bug (QT bug) there are various reports already out on the internet from different companies saying they either couldn't or seldom could reproduce the takeover. I have a friend in a west coast university's IT department who's group spent a day on various Macs trying to reproduce the problem but never could. Makes me a bit suspicious as to the validity of the very first bug posted.

I also have a lot of misgivings about LMH being this "cloak and dagger" kind of guy. Who the heck is he? If he is on the up and up, what does he have to hide? Why would you hide the fact that you can find bugs in Apple's OS that Apple engineers cannot find or found but hasn't bothered to fix? I'd be damned proud. How do we know this "person" isn't a team / group of people working in some basement lab in Redmond just looking to trash any non MicroSoft product? I am not saying that is the case ..... but prove that theory wrong. As long as LMH is just some mysterious set of initials there is no way of knowing what is really behind this. There are 12 months in the year, why pick January when you know that is Apple's big yearly event.

As an aside, these bugs which are coming out, do they just affect the Intel Macs or do they affect PPC Macs as well?
MBP - 2.33GHz C2D, 3GB RAM, 256MB VRAM, 160GB HD
PB - 1.5GHz G4, 2GB RAM, 128MB VRAM, 80GB HD
PM - Dual 1GHzG4, 1.5GB RAM, NVidia GForce 3, 2x 80 GB HD
     
Chuckit
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status: Offline
Reply With Quote
Jan 4, 2007, 11:14 PM
 
Originally Posted by Axel View Post
As a programmer, I do enjoy reading his reports and fail to see the lameness.
As a programmer, would you rather I send you a bug report or send an e-mail to all your users detailing how buggy your software is (of course, including bugs in other software that can be used along with yours)?
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
     
frankthetank966
Grizzled Veteran
Join Date: Jun 2006
Status: Offline
Reply With Quote
Jan 5, 2007, 09:22 AM
 
WOW!!! I guess MSFT is sending out some predators to attack Apple since Shitsa is coming out soon.
 16 GB 2nd Generation Black iPod Touch w/Contour Showcase
 White Core 2 Duo Macbook with: 2.0 GHz/1 GB Ram/80 GB Hard Drive
     
Angus_D
Addicted to MacNN
Join Date: Mar 2000
Location: London, UK
Status: Offline
Reply With Quote
Jan 5, 2007, 10:44 AM
 
Originally Posted by Chuckit View Post
Or this guy is a lame attention whore, it seems.
Or... both?
     
Person Man
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
Status: Offline
Reply With Quote
Jan 5, 2007, 01:29 PM
 
Originally Posted by Chuckit View Post
As a programmer, would you rather I send you a bug report or send an e-mail to all your users detailing how buggy your software is (of course, including bugs in other software that can be used along with yours)?
Not to mention you making public a bug in his software that allowed people to do malicious things, and telling people how to do it without giving him a chance to fix it first.

LMH is NOT doing this responsibly. The ethical way to do this is to report the bugs to Apple first, and give them time to fix them. If not fixed in a reasonable amount of time ("reasonable" depends on the severity of the big), then disclose the vulnerability to the public AND DON'T DETAIL HOW TO EXPLOIT IT TO THE PUBLIC!
     
Person Man
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
Status: Offline
Reply With Quote
Jan 5, 2007, 01:32 PM
 
I'd like to see someone hack his webpage or his AIM account to expose LMH's true identity. Would serve the jerk right.
     
alphasubzero949
Mac Elite
Join Date: Jan 2003
Location: 127.0.0.1
Status: Offline
Reply With Quote
Jan 6, 2007, 03:55 AM
 
Here is the first zero-day from these guys. Enjoy.

MOAB-05-01-2007: Apple DiskManagement BOM Local Privilege Escalation Vulnerability

- No sanity checking by the system yet again (just like the TextEdit, iWeb, Finder overwriting debacle)
- When coupled with one of their previous vulnerabilities (e.g. QuickTime's RTSP vulnerability), this can allow the remote exploit to gain root privileges and execute without any user interaction
- It's only a matter of time before a black hat can use this to compromise OS X boxes out there
- No APE haxie can save you from this one (like that was ever a good idea to begin with)

Makes you wonder how many other zero day exploits are out there shrouded in secrecy.
     
Chuckit
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status: Offline
Reply With Quote
Jan 6, 2007, 05:12 AM
 
Now, that is an interesting one. I expect to see a patch to that one pretty soon. It shouldn't be hard to fix, either, from the sound of it.

By the way, just to keep score, the guy is still a dick.
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
     
Angus_D
Addicted to MacNN
Join Date: Mar 2000
Location: London, UK
Status: Offline
Reply With Quote
Jan 6, 2007, 08:02 AM
 
BTW, just to clarify: MOAB-05-01-2007 requires the execution of code with permissions of an administrative user. The hole is that you can trampoline from admin to root permissions without user interaction.
     
CharlesS
Posting Junkie
Join Date: Dec 2000
Status: Offline
Reply With Quote
Jan 6, 2007, 05:50 PM
 
It also uses the Repair Permissions mechanism to do the privilege escalation, if I am reading the article correctly, so if you don't run Repair Permissions then this shouldn't affect you.

The Cult of Repair Permissions are probably slitting their wrists right now, but the rest of us can just hold off on using that feature until this is patched, unless I'm misunderstanding something.

Ticking sound coming from a .pkg package? Don't let the .bom go off! Inspect it first with Pacifist. Macworld - five mice!
     
wingdo
Senior User
Join Date: Apr 2001
Location: Chicago, Earth
Status: Offline
Reply With Quote
Jan 6, 2007, 06:03 PM
 
Originally Posted by Chuckit View Post
Now, that is an interesting one. I expect to see a patch to that one pretty soon. It shouldn't be hard to fix, either, from the sound of it.

By the way, just to keep score, the guy is still a dick.
Totally agree on both points. It is a very interesting and somewhat scary problem.

And yeah, still a dick.
MBP - 2.33GHz C2D, 3GB RAM, 256MB VRAM, 160GB HD
PB - 1.5GHz G4, 2GB RAM, 128MB VRAM, 80GB HD
PM - Dual 1GHzG4, 1.5GB RAM, NVidia GForce 3, 2x 80 GB HD
     
Angus_D
Addicted to MacNN
Join Date: Mar 2000
Location: London, UK
Status: Offline
Reply With Quote
Jan 6, 2007, 07:48 PM
 
Originally Posted by CharlesS View Post
It also uses the Repair Permissions mechanism to do the privilege escalation, if I am reading the article correctly, so if you don't run Repair Permissions then this shouldn't affect you.
The act of repairing permissions is carried out by a setuid root helper tool inside the DiskManagement private framework. This is self-restricted using authorization services to members of the admin group. If you have local code execution rights as an administrative user, which you need to be to modify the BOM files anyway and is the whole premise of this exploit, then you can invoke repair permissions without user interaction (easiest being through diskutil(8), but almost certainly not terribly hard to interface with the framework directly).
     
 
Thread Tools
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 05:35 PM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,