I respectfully disagree with this proposal and maybe we should
discuss it.
Being a member of the admin group is NOT 100% equal to being root.
Therefore when you switch from admin group to uid=0 you are
escalating privileges. A trojan that gets control of an admin's
session should not be able to escalate itself to root without a
password prompt, which requires a human to decide (rightly or
wrongly...): yes, I do want to increase the authority of this process.
Sure, an admin should be smart enough not to get trojaned, but what
if they do anyway?
Maybe a cracker could write a trojan that escalates itself using the
powers of the admin group, but why make it easier for those who
don't know how?
The myth that it should be easy for uneducated users to expose
their computers to harm is one reason why certain other GUI
platforms have so many security problems.
host:/tmp1 sysmsimkin$ id
uid=505(sysmsimkin) gid=505(sysmsimkin) groups=505(sysmsimkin), 81(appserveradm), 79(appserverusr), 80(admin)
host:/tmp1 sysmsimkin$ ls -ld /tmp1
drwxr-xr-x 3 501 admin 102 Jun 28 2006 /tmp1
host:/tmp1 sysmsimkin$ mkdir /tmp1/tmp2
mkdir: /tmp1/tmp2: Permission denied
host:/tmp1 sysmsimkin$ /usr/bin/sudo /bin/bash
Password:
host:/tmp1 root# mkdir /tmp1/tmp2
host:/tmp1 root# ls -ld /tmp1/tmp2
drwxr-xr-x 2 root admin 68 Jan 25 11:20 /tmp1/tmp2
host:/tmp1 root# exit
host:/tmp1 sysmsimkin$ rmdir /tmp1/tmp2
rmdir: /tmp1/tmp2: Permission denied
host:/tmp1 sysmsimkin$ /usr/bin/sudo /bin/bash
host:/tmp1 root# rmdir /tmp1/tmp2
host:/tmp1 root# exit
host:/tmp1 sysmsimkin$
More interesting (to me) why wasn't I prompted for a password the
second time? (Yes I know it was designed that way, I'm asking was
that the right decision.) Presumably there is a window of
vulnerability for a few minutes AFTER you have been root during
which you could fall victim to a trojan.
-------------------------------------
Marvin Simkin
Planetary Geology Group
School of Earth and Space Exploration
Arizona State University
http://simkin.asu.edu/
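Editor's note on the "window of vulnerability" observed in the session above: it is sudo's credential cache, controlled by the timestamp_timeout option in sudoers (stock default: 5 minutes). The fragment below is an added example of the weak setting beside the corrected one; it is not part of the post and is not Apple's shipped sudoers. The option names are standard sudo options; the commented-out line shows the default behaviour.

```sudoers
# /etc/sudoers fragment (always edit with visudo). Added example, not from the post.
#
# Weak (the behaviour observed in the session above): after one successful
# authentication, sudo remembers the credential and re-runs without a
# password prompt for timestamp_timeout minutes. Anything that can run
# commands in that session during the window gets root with no human
# deciding. This line only documents the stock default of 5 minutes.
# Defaults timestamp_timeout=5
#
# Hardened: require the password on every sudo invocation, so the second
# "sudo /bin/bash" in the session above would have prompted again.
Defaults timestamp_timeout=0
#
# If a non-zero timeout is kept, tie any cached ticket to the terminal it
# was created on rather than to the user, so one shell's ticket cannot be
# reused from another shell or background process owned by the same user.
Defaults tty_tickets
```

With timestamp_timeout=0 there is nothing left to cache, so `sudo -k` is unnecessary; with any other value, `sudo -k` drops the ticket immediately when you are done, and `sudo -n true` (non-interactive) exits non-zero when no ticket is live, which is a quick way to check whether a window is currently open.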
-----Original Message-----
From: K F (lists) [mailto:kf_lists@xxxxxxxxxxxxxxxxxxx]
Sent: Wed 2007-01-24 18:20
To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Remove all admin->root authorization prompts from OSX
http://www.petitiononline.com/31337OSX/petition.html
-KF