[X-Unix] Security content of the Mac OS X 10.3.9 Update

Kuestner, Bjoern Bjoern.Kuestner at drkw.com
Sun Apr 17 23:25:21 PDT 2005


I read the following page:

About the security content of the Mac OS X 10.3.9 Update
<http://docs.info.apple.com/article.html?artnum=301327>

This Apple page states the following:

> Kernel
> Impact: Permitting SUID/SGID scripts to be installed could lead to 
> privilege escalation.
> Description: Mac OS X inherited the ability to run SUID/SGID scripts 
> from FreeBSD. Apple does not distribute any SUID/SGID scripts, but the 
> system would allow them to be installed or created. This update 
> removes the ability of Mac OS X to run SUID/SGID scripts. Credit to 
> Bruce Murphy of rattus.net and Justin Walker for reporting this issue.

I'm not sure I understand this right. Is 10.3.9 disabling the SUID/SGID
functionality?

Let's assume I created a script which should always be run by a special
technical user account set up for a specific purpose, e.g. "backup".

Let's further assume I have a script runBackup.sh with ownership of user
"backup" and rwxr-sr-s permissions.

Do I understand the above paragraph correctly that after the 10.3.9 update
this script will no longer work like it should if user "joe" calls it?

Björn
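
An audit for the situation raised above, added here as an example and not part of the original message or of Apple's advisory: it lists regular files that carry the setuid or setgid bit and start with `#!`, which are the scripts that depend on the behaviour the quoted advisory says 10.3.9 removes. The function name `find_sugid_scripts` is hypothetical.

```shell
#!/bin/sh
# find_sugid_scripts DIR...
# Print an "ls -ld" line for every regular file under DIR that
#   (a) has the setuid (4000) or setgid (2000) bit set, and
#   (b) begins with "#!", i.e. is an interpreter script rather than
#       a compiled binary.
find_sugid_scripts() {
    find "$@" -type f \( -perm -4000 -o -perm -2000 \) -exec sh -c '
        for f in "$@"; do
            # Read only the first two bytes; skip files we cannot read.
            magic=$(dd if="$f" bs=2 count=1 2>/dev/null) || continue
            if [ "$magic" = "#!" ]; then
                ls -ld "$f"
            fi
        done
    ' sh {} +
}

# Stand-alone use: sh audit.sh /usr/local/bin /opt
if [ "$#" -gt 0 ]; then
    find_sugid_scripts "$@"
fi
```

Each reported file is a candidate for replacement with a mechanism that does not rely on the kernel honouring mode bits on scripts.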





