[X-Unix] Root Exploit via sudo

Stephen Jonke sjj_public at mac.com
Thu Apr 7 12:43:51 PDT 2005


The issue at hand is that on the Mac the default is for the user to be  
an admin user. When you set up your Mac, you create an account, and  
that account is an admin account. Linux generally isn't something your  
Mom can set up on her own. A Mac is, and most users will not know that  
the initial user account, which they'll use, is an admin account, nor  
even what it means for an account to be an admin account. This is a Mac  
issue because Mac OS X makes it easy for almost anyone to do it and if  
it's going to do that, then it needs to go the extra mile for such  
users. All that would mean is setting the mentioned settings by  
default. That, to my mind, isn't too much to ask of Apple - unlike my  
Mom, *they* should know better.

Steve

On Apr 7, 2005, at 3:26 PM, Eugene wrote:

> Irrelevant.  Stupid the-sky-is-falling posting.  I'd write more,
> but someone else has written something nice and succinct.
>
> <http://www.securityfocus.com/archive/1/395142>
>>>
>>> Explain to me how this is a MacOS specific bug? I can duplicate this
>>> behavior on my debian linux machine.
>>> This is fairly generic to anything using sudo without the included
>>> config options you mentioned below, or am I missing something? There
>>> is no need to single out apple.
>>>
>>> If you have the ability to introduce a trojan into an admin level
>>> account you appear to have other issues on your hands. =]
>>>
>>> I think this advisory is more suited for a how to securely configure
>>> sudo FAQ.
>>> -KF
>
>
> On Thu, Apr 07, 2005 at 12:08:03PM -0400, Our PAl Al <opa at nyc.rr.com> wrote:
> :
> : Just got this on the BugTraqMac list. Definitely relevant for here.
> :
> : > +++++
> : >
> : > There is a warning out about a potentially very serious security
> : > vulnerability in OS X.  The vulnerability would allow a Trojan Horse to
> : > gain root access without the need for user authentication.
> : >
> : > The good news is that the vulnerability is easily patched.
> : >
> : > The bad news is that Apple doesn't feel that it is a problem that they
> : > have to deal with.
> : >
> : > See:
> : > <http://www.securityfocus.com/archive/1/395107/2005-04-03/2005-04-09/0>
> : > Summary:
> : > OSX can be root compromised by a trojan application.  The trojan
> : > application does not require explicit user authentication to elevate its
> : > privileges to root, nor does the root account need to be enabled.  The
> : > Trojan application must be run from an account that is in the admin group,
> : > which is the default for the first account created and the context in
> : > which most users run.  Once executed, the trojan application must only
> : > wait until the user leverages the sudo utility, either at the command line
> : > or by another application that leverages sudo to elevate its privileges.
> : <snip>
>
>
> -- 
> Eugene
> http://www.coxar.pwp.blueyonder.co.uk/


