Hack Mac OS X With Installer Packages

Posted by kdawson
from the why-not-to-run-as-admin dept.
nezmar writes, "MacGeekery has a short but insightful piece with examples on how to use a malformed Installer package (.pkg) on Mac OS X to 'insert user accounts with administrator rights and change root-owned system configuration or binary files without prompting the vast majority of Mac OS X users for a password of any kind.'" The article notes that this issue was brought up on the Apple Discussion Boards 6 weeks back and that it was noted there as a duplicate / known issue. It also gives as an example the installation of Parallels, the popular virtualization software, which uses the described technique, but not for nefarious purposes.
This discussion has been archived. No new comments can be posted.

  • "Installs" are bad (Score:4, Interesting)

    by Animats (122034) on Saturday September 16, 2006 @03:19PM (#16121188) Homepage

    One of the great features of the original MacOS was that it didn't have "installation". You put an application somewhere, the Finder found it, and you could launch it. If you wanted to delete it, you deleted it, and it disappeared. Maybe once in a while you had to rebuild the desktop to update the derived info that made this work.

    But now, Apple has "installation", where install programs put stuff all over the place, and maybe change the state of the system. Just like Windows. Big step backwards.

  • by Midnight Thunder (17205) on Saturday September 16, 2006 @03:36PM (#16121263) Homepage Journal
    This reminds me of the suggestion that one security advisor provided. I think it was a story some time back here on Slashdot.

    Basically the guy suggested that the authentication dialog should have a user customisable image (you would customise in control panel). That way when the password entry dialog appears the person would know whether the password request dialog was being provided by the system, or being faked. The idea is that there is little chance of the rogue program working out the image the user used to authenticate password dialogs.

    It also makes us realise the validity of Microsoft providing the facility of signing packages. Although there are chances that you can have a faked certificate, this would help you limit yourself to a party with a valid certificate, if you so choose. The important point is that the certificate is used as an indication, not as a control mechanism.

    The truth is though, if you have enough careless users installing random garbage you increase the chances of your system getting 0wned, no matter what the OS. It is the same principle as in the real world where even if you have the best security system, if you have people leaving doors open, covering detectors because they make life inconvenient they are truly worthless.
  • by Tony Hoyle (11698) <tmh@nodomain.org> on Saturday September 16, 2006 @05:35PM (#16121652) Homepage
    Of course nobody will do that. They'll see yet another dialog asking for their password and enter it blindly. Instant hacked system.
  • by mattkinabrewmindspri (538862) on Saturday September 16, 2006 @05:58PM (#16121744)
    Or you can boot from the install CD and just reset the password from there. Or boot from another OS X drive and change things from there. Or open the machine and do any of several different things.

    If you can boot into single user mode, the machine is toast anyway. The best thing to do is to install Open Firmware Password [apple.com] to keep people from booting into single user mode or booting from another drive without the admin password, and then physically lock the machine so someone can't open it.
  • by glesga_kiss (596639) on Saturday September 16, 2006 @10:20PM (#16122630)
    Whilst I'm not totally convinced on the secure attention sequence idea, let's hope that if Apple do implement it, they make sure it works. Unlike Windows where it's not secure as you can intercept it.

    You can't intercept it without modifying the OS kernel. And if you've done that you already own the machine. ctrl-alt-delete is a very low level signal. This has been around since NT for login, it's nothing new. On Linux you can customise what the combo does by modifying the inittab file.

  • by rthille (8526) <web-slashdot@@@rangat...org> on Sunday September 17, 2006 @08:14PM (#16127094) Homepage Journal
    The point you're missing (though I'm not sure this is accurate, I just got it from the article) is that an 'admin user' on OS-X is basically the same as someone who's in the sudoers list or in the wheel group on Unix. You _may_ access root, but not everything you do is as root. This is like the ability to run 'su' or 'sudo' and not type your password to become root. If that were true on Linux, then any untrusted program you ran as 'joeuser' could become root without the user's knowledge, just by invoking 'su' or 'sudo' in a child process.
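
The sudo comparison in the comment above can be checked on a Unix host by auditing sudoers rules for entries that skip the password prompt. The following is an added example, not part of the original thread or the linked article; `SAMPLE_SUDOERS` is constructed, the function names are hypothetical, and the parser deliberately ignores aliases, `#include` files and runas lists.

```python
import re

# Constructed sample for illustration; not taken from any real host.
SAMPLE_SUDOERS = """\
Defaults env_reset
root    ALL=(ALL) ALL
%wheel  ALL=(ALL) ALL
%admin  ALL=(ALL) NOPASSWD: ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync, \\
        PASSWD: /sbin/reboot
Defaults:deploy !authenticate
"""

TAGS = re.compile(r"^((?:[A-Z]+:\s*)+)(.*)$")    # e.g. "NOPASSWD: SETENV: cmd"
RUNAS = re.compile(r"^\(([^)]*)\)\s*(.*)$")      # e.g. "(root) cmd"

def passwordless_rules(text):
    """Return (who, runas, what) for each rule that skips the password prompt."""
    found = []
    for line in re.sub(r"\\\n", " ", text).splitlines():  # join continuations
        line = line.strip()
        if not line or line.startswith("#"):     # comments; #include is not followed
            continue
        if line.startswith("Defaults"):
            if "!authenticate" in line:          # prompt disabled for this scope
                scope = line.split()[0].partition(":")[2] or "*"
                found.append((scope, "*", "!authenticate"))
            continue
        if re.match(r"(User|Runas|Host|Cmnd)_Alias\b", line):
            continue                             # aliases are not expanded here
        who, _, rest = line.partition("=")
        who = (who.split() or ["?"])[0]
        runas, nopasswd = "root", False          # sudo defaults when unspecified
        for spec in rest.split(","):             # simplification: no escaped commas
            spec = spec.strip()
            m = RUNAS.match(spec)
            if m:
                runas, spec = m.group(1).strip() or "root", m.group(2)
            m = TAGS.match(spec)
            if m:                                # a tag persists until overridden
                for tag in re.findall(r"[A-Z]+", m.group(1)):
                    nopasswd = {"NOPASSWD": True, "PASSWD": False}.get(tag, nopasswd)
                spec = m.group(2).strip()
            if nopasswd and spec:
                found.append((who, runas, spec))
    return found

def unprompted_root(text):
    """Principals allowed to run any command as root without a password."""
    return sorted(w for w, r, c in passwordless_rules(text)
                  if c == "ALL" and r.split(":")[0].strip() in ("ALL", "root"))
```

Any principal returned by `unprompted_root` is in the position the comment describes: a program running as that user can become root through a child process with no prompt shown.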
