Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Security

Submission + - How a Malformed Installer Package Can Crack Mac OS

Corrado writes: "Wow! This story over at MacGeekery highlights some really interesting security flaws in the OSX Installer. According to the story, it is possible, even easy, to build an installer that runs as root but does not ask for permission.

I know your not supposed to install anything from someone you don't know, but I thought OSX would at least ask for permission before handing over the keys to kingdom. This really opened my eyes!"

Sendmail may be safely run set-user-id to root. -- Eric Allman, "Sendmail Installation Guide"

Working...