Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14)
From: Barry Fitzgerald (bkfsec_at_sdf.lonestar.org)
Date: 07/31/03
- Previous message: ben.moeckel_at_badwebmasters.net: "[bWM#015] SQL-Injection @ Woltlab Burning Board + MOD Guthabenhack 1.3"
- In reply to: MightyE: "Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 31 Jul 2003 16:06:51 -0400 To: bugtraq@securityfocus.com
MightyE wrote:
> If anything I'd call this a security consideration of Escape Pod.
> Perhaps Escape Pod should try to talk to the process it's about to
> kill, and get its 'permission' for killing, and failing a timely
> response (2 secs?), drop the program. ScreenSaverEngine would have to
> be tailored to respond to such a request.
>
> On Linux, doesn't xscreensaver run as root? Wouldn't this be another
> option here (I'm admittedly unfamiliar with Mac OS X), preventing
> Escape Pod from even being capable of terminating the screensaver
> process? Or does Escape Pod also run as root?
>
> If you ask me, Escape Pod owes it to their users to develop the
> product in such a way so to not nullify reasonable security measures
> on the part of the OS, even if that's an option to never terminate
> processes named ScreenSaverEngine.
>
> -MightyE
>
You read my mind on this one. However, one of the complaints I've heard
about having xscreensaver as a SUID root binary is that an exploitable
vulnerability (buffer overflow, et al) in the xscreensaver binary could
allow an attacker even greater elevated priviledges (much worse than
simply killing ScreenSaverEngine)... a solution to this would be running
the ScreenSaverEngine SUID some other user (like, oh, maybe
"screensaver")... and that should stop a usermode program from killing
the screensaver. Unless, as you mentioned, that usermode program were
running as SUID root - in which case I'd have to ask: Why in the name of
$DEITY are you running a program that can kill any process on the screen
as root?!?
-Barry
p.s. I don't have a Mac OS X system on hand nor do I have access to
one. I have no way to test the plausibility of this solution on that
particular system. :)
- Previous message: ben.moeckel_at_badwebmasters.net: "[bWM#015] SQL-Injection @ Woltlab Burning Board + MOD Guthabenhack 1.3"
- In reply to: MightyE: "Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
