Re: Mac OS X vulnerabilities

From: Adam Shostack (adam_at_homeport.org)
Date: 10/31/03

  • Next message: Jason Storm: "Console Root On OSX up to 10.2.8"
    Date: Fri, 31 Oct 2003 12:46:56 -0500
    To: James Kelly <macubergeek@comcast.net>
    
    

    You're commenting on 1 of 14 issues listed in
    http://docs.info.apple.com/article.html?artnum=61798

    I am perfectly capable of reading the CVE entries, and deciding, issue
    by issue, if it's worth fixing, and if so, how to fix it. However,
    being a security expert should not be a requirement for using a
    commericial OS. If these issues are worthy of fixing, they should be
    fixed in 10.2.8.

    Adam

    On Wed, Oct 29, 2003 at 07:58:54PM -0500, James Kelly wrote:
    | This vulnerability is much ado about nothing
    | It was caused by developers of shareware using third party installers
    | which changed the permissions on certain
    | directories of MacOS X.
    |
    | Problem largely solved with the increased use of Apple's installer
    |
    | AND
    |
    | problem is easily fixed by adding this command to a root cron job.
    |
    | diskutil repairpermissions /
    |
    | Above command can be run every day for your paranoia protection ;-)
    |
    |
    | jamesk
    |

    -- 
    "It is seldom that liberty of any kind is lost all at once."
    					               -Hume
    

  • Next message: Jason Storm: "Console Root On OSX up to 10.2.8"