Re: Remove all admin->root authorization prompts from OSX

To: Marvin Simkin <Marvin.Simkin@xxxxxxx>
Subject: Re: Remove all admin->root authorization prompts from OSX
From: John Smith <genericjohnsmith@xxxxxxxxx>
Date: Thu, 25 Jan 2007 17:39:37 +0000
Cc: "K F (lists)" <kf_lists@xxxxxxxxxxxxxxxxxxx>, <bugtraq@xxxxxxxxxxxxxxxxx>
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:in-reply-to:references:mime-version:content-type:message-id:cc:content-transfer-encoding:from:subject:date:to:x-mailer; b=KJ/Kfm9G1G0mkuG5QvotdE1JNOdtUP+Ky2RhnZ6041ZyRY+ICluwgcp903pflvHoOnbSh+u4Wxdv81klhqJPSHj1tmx1pwl8sQf9P2NewY9GiB33fJMOb3wqgIC6shwbwqKLrW4uTRu0F8SM8/ENoxr24Cl9kI4o/MCgdsvN4xE=
In-reply-to: <DE20D559B11B214EB7DC33FF6A2EB160A3ED25@xxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <45B805EE.1080806@xxxxxxxxxxxxxxxxxxx> <DE20D559B11B214EB7DC33FF6A2EB160A3ED25@xxxxxxxxxxxxxxxxxxxxxxx>

haha, and I believe kev already had something to say on the topicwhen a n00b had previously posted that as a vuln in Mac OS X:


"Explain to me how this is a MacOS specific bug? I can duplicate this
behavior on my debian linux machine."

http://www.securityfocus.com/archive/1/395142/30/0/threaded

John
On Jan 25, 2007, at 6:34 PM, Marvin Simkin wrote:

I respectfully disagree with this proposal and maybe we shoulddiscuss it.
Being a member of the admin group is NOT 100% equal to being root.Therefore when you switch from admin group to uid=0 you areescalating privileges. A trojan that gets control of an admin'ssession should not be able to escalate itself to root without apassword prompt, which requires a human to decide (rightly orwrongly...) yes I do want to increase the authority of this process.
Sure, an admin should be smart enough not to get trojaned, but whatif they do anyway?
Maybe a cracker could write a trojan that esclates itself using thepowers of the admin group, but why make it easier for those whodon't know how?
The myth that it should be easy for uneducated users to exposetheir computers to harm is one reason why certain other GUIplatforms have so many security problems.
host:/tmp1 sysmsimkin$ id
uid=505(sysmsimkin) gid=505(sysmsimkin) groups=505(sysmsimkin), 81(appserveradm), 79(appserverusr), 80(admin)
host:/tmp1 sysmsimkin$ ls -ld /tmp1
drwxr-xr-x   3 501  admin  102 Jun 28  2006 /tmp1
host:/tmp1 sysmsimkin$ mkdir /tmp1/tmp2
mkdir: /tmp1/tmp2: Permission denied
host:/tmp1 sysmsimkin$ /usr/bin/sudo /bin/bash
Password:
host:/tmp1 root# mkdir /tmp1/tmp2
host:/tmp1 root# ls -ld /tmp1/tmp2
drwxr-xr-x   2 root  admin  68 Jan 25 11:20 /tmp1/tmp2
host:/tmp1 root# exit
host:/tmp1 sysmsimkin$ rmdir /tmp1/tmp2
rmdir: /tmp1/tmp2: Permission denied
host:/tmp1 sysmsimkin$ /usr/bin/sudo /bin/bash
host:/tmp1 root# rmdir /tmp1/tmp2
host:/tmp1 root# exit
host:/tmp1 sysmsimkin$
More interesting (to me) why wasn't I prompted for a password thesecond time? (Yes I know it was designed that way, I'm asking wasthat the right decision.) Presumably there is a window ofvulnerability for a few minutes AFTER you have been root duringwhich you could fall victim to a trojan.
-------------------------------------
Marvin Simkin
Planetary Geology Group
School of Earth and Space Exploration
Arizona State University
http://simkin.asu.edu/



-----Original Message-----
From: K F (lists) [mailto:kf_lists@xxxxxxxxxxxxxxxxxxx]
Sent: Wed 2007-01-24 18:20
To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Remove all admin->root authorization prompts from OSX

http://www.petitiononline.com/31337OSX/petition.html

-KF

References:
- Remove all admin->root authorization prompts from OSX
  - From: K F (lists)
- RE: Remove all admin->root authorization prompts from OSX
  - From: Marvin Simkin

Prev by Date: Re: Remove all admin->root authorization prompts from OSX
Next by Date: rPSA-2007-0021-1 bind bind-utils
Previous by thread: Re: Remove all admin->root authorization prompts from OSX
Next by thread: Re: Remove all admin->root authorization prompts from OSX
Index(es):
- Date
- Thread