[X4U] Serious OS X Security Vulnerability

[Eugene]

On Thu, Apr 07, 2005 at 10:43:06AM -0700, Randy B.Singer <randy at macattorney.com> wrote:
: 
: DZ-Jay said:
: 
: >Quotes from the response:
: >"Explain to me how this is a MacOS specific bug? I can duplicate this
: >behavior on my debian linux machine."
: 
: My reponse to that is, who cares?  A Macintosh security problem isn't 
: less of a problem if it affects computers other than the Macintosh.
: 
: Nothing in the response indicates that this isn't a serious security 
: problem or that using this security hole a Trojan cannot gain root access 
: without user authentication.  

Yes, it's a minor security issue.  No, it's not a major security issue.
The problem is that the report specifically targets OS X when in fact it
affects all Unix distributions that ship with sudo enabled.  That's like
running out and saying that Jehovah's Witnesses actually curse and it's
a major problem, when in reality *everyone* curses and it's really just
a minor problem compared to other issues like poverty, world hunger,
rampant AIDS in developing and developed nations, and the current trend
of extremists dictating world policy.  It's also like all of those
security vendors out there saying the sky is falling and that OS X is
vulnerable to cross-platform viruses and Trojan horses and other nasty
things, even though OS X is already pretty secure and there hasn't been
a case of such nasty things being found in the wild.


-- 
Eugene
http://www.coxar.pwp.blueyonder.co.uk/