[X4U] Re: X4U Digest, Vol 41, Issue 15

David Ledger dledger at ivdcs.demon.co.uk
Mon Jan 14 15:45:17 PST 2008


At 07:50 -0800 14/1/08, x4u-request at listserver.themacintoshguy.com wrote:
>From: Robert Ameeti <Robert at Ameeti.net>
>Subject: Re: [X4U] Extra Applications folder
>To: "A place to discuss Mac OS X for the casual user."
>	<x4u at listserver.themacintoshguy.com>
>Message-ID: <p06240815c3ae8352195f@[10.0.1.200]>
>Content-Type: text/plain; charset="us-ascii" ; format="flowed"
>
>At 12:01 PM +0000, 1/12/08, David Ledger wrote:
>
>>But be aware that should you accidentally run some Trojan that may
>>exist in the future, it wouldn't have to ask for a password to
>>attach something to any App in ~/Applications, because you own them.
>
>Where does this belief come from?

 From the Unix protection model. That's the way it works.

>  Users, Groups, & Others have
>rights, not ownership.

Files have ownership that is a user and a group, therefore users have 
ownership of files (at least, in English English).

>  Any change to an application should require
>authorization from  someone who has rights to make that change.

If you are the owner of a file you can change the rights and (hence) 
the contents of a file. If you own an application because _you_ 
installed it into ~/Applications, a piece of malware triggered by you 
and running as you can modify that application. It can't modify an 
app installed in /Applications that is owned by root without further 
authentication.

David


-- 
David Ledger - Freelance Unix Sysadmin in the UK.
HP-UX specialist of hpUG technical user group (www.hpug.org.uk)
david.ledger at ivdcs.co.uk
www.ivdcs.co.uk


More information about the X4U mailing list