[X-Unix] App launched by my crontab runs as root if Login Window!

Eric F Crist ecrist at secure-computing.net
Sun Jun 5 11:07:11 PDT 2005 

On Jun 5, 2005, at 10:08 AM, Jerry Krinock wrote:

> on 05/06/04 22:01, Eric F Crist at ecrist at secure-computing.net wrote:
>
>
>> I am running 10.4.1 and cannot reproduce your results.  What is
>> 'different' about your Mac's configuration?
>>
>
> It's a Powerbook G4 running 10.4.1.  It definitely does this I put  
> in my MY
> crontab, "jk".  I've attached a couple pictures to prove it.
>
> The first one shows screenshots of CronniX (a cron gui) and  
> Terminal after I
> told it to fire iCal at 7:37.
>
> The second one is an photograph of my computer, since the Services  
> menu was
> not working I could not launch Grab to do a screenshot.  So, it's a  
> little
> fuzzy.  But in iCal I selected File > Export and you see the Save  
> Dialog box
> there lists at the bottom "[house] root" as a save location.
>
> The other day, in my actual app, I confirmed this having it put up  
> an alert
> panel showing the results of the call to "NSCurrentUser()" and it  
> showed
> "root".
>
>
> <forEricCrist.tiff>
> <Eric_iCal_root.jpg>
>

Jerry,

Thanks for the great detail, it really helps me try to isolate your  
problem and assist you in the troubleshooting process.

I'm curious as to when you purchased your powerbook.  Did it  
originally come with a VERY early version of OS X?  I am also running  
10.4.1 on a G4 PowerBook, but mine came originally with 10.3.5.  If  
yours came with an earlier version, perhaps doing a fresh install  
would help with this security vulnerability.

If you could, try using the following in a crontab:

/usr/bin/open "/Applications/Utilities/Terminal.app"

See if it gives you full root access to the command line.  If it  
does, I would say this is a SERIOUS risk.  Not saying that running  
iCal as root isn't.  If you don't want to reinstall your PowerBook,  
you could recompile the entire system from sources.  This will  
rebuild everything on the entire system, which, theoretically, should  
clear up this vulnerability.

If you don't want to do either of those, let me know, we can try some  
other things.
_______________________________________________________
Eric F Crist                  "I am so smart, S.M.R.T!"
Secure Computing Networks              -Homer J Simpson

More information about the X-Unix mailing list