Finder authentication in Mac OS X 10.3 circumvents root file permissions
Date: 2003-11-24
Security-Corporation ID : SC-0783
URL : http://www.security-corporation.com/...31124-001.html
Author : Santino Rizzo <[email protected]>
Product : Mac OS X 10.3
Source Message Contents :
Vendor: Apple Computer
Target: Finder authentication in Mac OS X 10.3
If a user in the admin group tries to write to the /System/Library
directory, which is owned by root:wheel with mode 755 (only root has
write access), the Finder presents an authentication dialog. Upon
authenticating as an admin, the user is given full write access to the
directory, circumventing the root-only permissions. This occurs even if
the admin group has been removed from the sudoers list.
The Finder authenticates through Authorization Services, using the
policy database in /etc/authorization. The right it requests is
'com.apple.desktopservices'. That right is not defined in the database,
so the request falls back to the 'default' rule, which authorizes any
member of the admin group who supplies a password. The admin user
therefore gains write access even though the admin group has no write
permission on the directory, and even if admin is not allowed to sudo.
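To make that lookup concrete, the following is an added example, not code from the advisory and not Apple's Authorization Services implementation: a small Python model of how a right name is resolved against an /etc/authorization-style property list, run against a constructed, minimal policy in the 10.3 file format. The right name 'com.apple.desktopservices' and the shape of the 'default' rule (class "user", group "admin") come from the advisory; the sample plist contents, the "deny" class used for the tightened entry, and the function names are assumptions made for the example.

```python
import copy
import plistlib

# Constructed, minimal policy in the format of Mac OS X 10.3's
# /etc/authorization: an XML property list with a "rights" dictionary of
# explicitly defined rights and a "rules" dictionary holding, among others,
# the "default" rule. The real file carries many more entries; this is a
# sample assumed for the example, not a copy of the file.
SAMPLE_AUTHORIZATION_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>rights</key>
  <dict>
    <key>system.preferences</key>
    <dict>
      <key>class</key><string>user</string>
      <key>group</key><string>admin</string>
      <key>shared</key><true/>
      <key>timeout</key><integer>300</integer>
    </dict>
  </dict>
  <key>rules</key>
  <dict>
    <key>default</key>
    <dict>
      <key>class</key><string>user</string>
      <key>group</key><string>admin</string>
      <key>shared</key><true/>
      <key>timeout</key><integer>300</integer>
    </dict>
  </dict>
</dict>
</plist>
"""


def load_policy(data):
    """Parse an /etc/authorization-style plist into a dict."""
    return plistlib.loads(data)


def resolve_right(policy, right_name):
    """Return (rule, source): the explicit entry under "rights" when the right
    is defined, otherwise the "default" rule under "rules". The second element
    records which path was taken, since the fallback is the whole problem."""
    rights = policy.get("rights", {})
    if right_name in rights:
        return rights[right_name], "right"
    return policy["rules"]["default"], "default"


def is_authorized(policy, right_name, user_groups, authenticated=True):
    """Simplified evaluation of the rule classes used in the 10.3 file:
    "allow"/"deny" decide outright, "user" requires a password from a member
    of the named group, "rule" delegates to a named entry under "rules"."""
    rule, _ = resolve_right(policy, right_name)
    while rule.get("class") == "rule":
        rule = policy["rules"][rule["rule"]]
    cls = rule.get("class")
    if cls == "allow":
        return True
    if cls == "deny":
        return False
    if cls == "user":
        return authenticated and rule.get("group") in set(user_groups)
    raise ValueError("unsupported rule class: %r" % (cls,))


def with_explicit_right(policy, right_name, rule):
    """Return a copy of the policy with right_name defined explicitly, so the
    lookup no longer falls through to "default". (Assumed mitigation shape;
    the advisory itself proposes no fix.)"""
    tightened = copy.deepcopy(policy)
    tightened.setdefault("rights", {})[right_name] = dict(rule)
    return tightened


if __name__ == "__main__":
    policy = load_policy(SAMPLE_AUTHORIZATION_PLIST)
    right = "com.apple.desktopservices"
    rule, source = resolve_right(policy, right)
    print("%s resolved via %s rule: %s" % (right, source, rule))
    print("admin member authorized:", is_authorized(policy, right, ["admin", "staff"]))
    print("non-admin authorized:   ", is_authorized(policy, right, ["staff"]))
    fixed = with_explicit_right(policy, right, {"class": "deny"})
    print("after explicit deny:    ", is_authorized(fixed, right, ["admin"]))
```

Running the block shows the two facts the advisory turns on: the undefined right resolves via "default", and under that rule any admin-group member who authenticates is granted the right regardless of what the file-system permissions say. Once the right is defined explicitly, the default rule is never consulted.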
If the "Go To Folder..." command is used, the admin user can gain write
access in the same way to any directory on the system, including
/private, which belongs to root.