[X-Unix] Root Exploit via sudo
Stroller
MacMonster at myrealbox.com
Fri Apr 8 03:49:47 PDT 2005
On Apr 8, 2005, at 2:46 am, William H. Magill wrote:
> On 07 Apr, 2005, at 15:43, Stephen Jonke wrote:
>> ...This is a Mac issue because Mac OS X makes it easy for almost
>> anyone to do it and if it's going to do that, then it needs to go the
>> extra mile for such users. All that would mean is setting the
>> mentioned settings by default. That, to my mind, isn't too much to
>> ask of Apple - unlike my Mom, *they* should know better.
>
> Your mom is not likely to ever even hear about sudo, let alone ever
> have an occasion to use it.
> She is also more likely to power down her machine every day, killing
> off any lurking trojans.
> sudo is a Unix thing, not a Mac thing.
> It still takes a surprising amount of education beating folks over the
> head to convince "dumb users" to use sudo instead of su or logging in
> as root. There are probably far more Max OSX users who use su or
> enable the root login rather than use sudo.
Erm... the way I'm reading this is that `sudo` is used anytime an
application needs an admin user to enter their password. EG: run dodgy
trojan, that sits in background & waits until updates are ready to
install, user enters password to install updates, trojan elevates its
privileges. Am I reading this incorrectly?
Stroller.
More information about the X-Unix
mailing list