[X4U] Re: X4U Digest, Vol 41, Issue 15
David Ledger
dledger at ivdcs.demon.co.uk
Mon Jan 14 15:45:17 PST 2008
At 07:50 -0800 14/1/08, x4u-request at listserver.themacintoshguy.com wrote:
>From: Robert Ameeti <Robert at Ameeti.net>
>Subject: Re: [X4U] Extra Applications folder
>To: "A place to discuss Mac OS X for the casual user."
> <x4u at listserver.themacintoshguy.com>
>Message-ID: <p06240815c3ae8352195f@[10.0.1.200]>
>Content-Type: text/plain; charset="us-ascii" ; format="flowed"
>
>At 12:01 PM +0000, 1/12/08, David Ledger wrote:
>
>>But be aware that should you accidentally run some Trojan that may
>>exist in the future, it wouldn't have to ask for a password to
>>attach something to any App in ~/Applications, because you own them.
>
>Where does this belief come from?
From the Unix protection model. That's the way it works.
> Users, Groups, & Others have
>rights, not ownership.
Files have ownership that is a user and a group, therefore users have
ownership of files (at least, in English English).
> Any change to an application should require
>authorization from someone who has rights to make that change.
If you are the owner of a file you can change the rights and (hence)
the contents of a file. If you own an application because _you_
installed it into ~/Applications, a piece of malware triggered by you
and running as you can modify that application. It can't modify an
app installed in /Applications that is owned by root without further
authentication.
David
--
David Ledger - Freelance Unix Sysadmin in the UK.
HP-UX specialist of hpUG technical user group (www.hpug.org.uk)
david.ledger at ivdcs.co.uk
www.ivdcs.co.uk
More information about the X4U
mailing list