Apple Still Hasn't Fixed Major OS X Security Flaw

HardOCP News

A security flaw in a flawless operating system that, despite being "fixed," still isn't fixed. Think different indeed. ;)

Earlier this month, Apple released an update that was supposed to patch a serious flaw in OS X, albeit only for Yosemite users. But, according to a recent report by an independent researcher, the company from Cupertino failed to fix the problem.
 
It sounds like regardless, the "hacker" has to get access to the user's environment to actually do this. Meaning you have to be able to open a command tool as the user.

The overall hack is built on the idea of using a system call to generate a file (any file) which has the "s" setuid bit, which, if you are not familiar with Unix/Linux, is a special attribute that allows a binary owned as root to be executed by anyone as if root is executing it.

It's a huge security risk in Unix & Linux as well, by the nature of the S bit. The very purpose of the S bit is to allow nefarious stuff, but usually in a practical way.

This is almost like saying I have found a *SERIOUS* security flaw in Windows because if I get access to the desktop environment I can run anything as Superuser by simply hitting continue on the UAC dialog box.
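
An added example, not part of the thread or of the report it links to: a defender-side audit that lists files carrying the setuid bit described in the reply above and puts root-owned ones first, so an unexpected one stands out against a known-good baseline. The function name `find_setuid`, the `allowlist` parameter and the baseline file format are assumptions of this example.

```python
import os
import stat
import sys


def find_setuid(root, allowlist=frozenset()):
    """Walk `root` and return setuid regular files not in `allowlist`.

    Each finding is (path, owner_uid, root_owned). Symlinks are not followed,
    so a link that points at a setuid binary is not reported as a second file.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # file vanished or cannot be examined; skip it
            if not stat.S_ISREG(st.st_mode):
                continue
            if st.st_mode & stat.S_ISUID and path not in allowlist:
                findings.append((path, st.st_uid, st.st_uid == 0))
    # Root-owned setuid files first: those execute with root's privileges.
    return sorted(findings, key=lambda f: (not f[2], f[0]))


if __name__ == "__main__":
    # Usage: audit.py DIR [BASELINE]  (BASELINE: one known-good path per line)
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    known = set()
    if len(sys.argv) > 2:
        with open(sys.argv[2]) as fh:
            known = {line.strip() for line in fh if line.strip()}
    for path, uid, is_root in find_setuid(target, known):
        owner = "ROOT" if is_root else f"uid {uid}"
        print(f"{owner}\t{path}")
```

Running it periodically against a saved baseline turns a newly created setuid file into a diff rather than something found after the fact.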
 