On Sun, May 24, 2009 at 11:28 AM, Dave Keck <davek...@gmail.com> wrote:

> I debated whether I should mention my technique thinking someone might
> bring up this precise vulnerability. :)

It is possible to use /tmp safely, but you have to be very careful. Just like when doing anything sensitive on the filesystem.

> My rationale is based on the fact the BetterAuthorizationSample is
> also vulnerable to a similar attack: some malicious code is running in
> the background, and at just the right instant replaces the genuine
> tool with a malicious one, and the malicious tool gets root
> privileges. Granted, our cases are quite different: mine is completely
> preventable by using an IPC mechanism that avoids the filesystem, as
> you mentioned. But alas, I sided with the "if they want it bad
> enough..." line of thinking.

That's a rather unfortunate line of thinking. Apple could do everything in the world to lock down the operating system, but if someone can take advantage of completely unrelated third-party software to perform an attack, I wouldn't be too thrilled.

I'm also confused about how one could levy the same attack against BAS. Unless the app is running from /tmp (or another directory writable by an unprivileged user) then it's not going to happen. The attack I described is a consequence of how UNIX applies permissions to directories; the ability to unlink directory entries is not an attribute of the entries themselves, but of the directory.

--Kyle Sluder

_______________________________________________
Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)
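The two points Kyle makes above (that whether an entry can be unlinked is decided by the directory's permission bits, not the entry's, and that /tmp is usable but only with care) are easy to state and easy to get wrong in code. The following is an added example written for this archive page; it is not code from the thread, from BetterAuthorizationSample or from Apple. `entry_unlinkable_by` encodes the UNIX unlink rule on constructed `struct stat` values (as an assumption it ignores the group bits and only consults owner/other), `dir_safe_for_handoff` is the check a launcher would run before handing a path under a directory to a privileged helper, and `create_private_file` / `open_verified_file` show the O_EXCL / O_NOFOLLOW / fstat-on-the-fd discipline that closes the replace-at-the-right-instant window. The helper names and the scratch directory under `$TMPDIR` (falling back to /tmp) are this example's own choices.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* The UNIX rule the thread turns on: removing a directory entry needs write+search
 * permission on the DIRECTORY, never on the entry. With the sticky bit (as on /tmp)
 * the caller must additionally own the entry or the directory. Root bypasses it all.
 * Simplification (assumption): group bits are ignored; only owner/other are consulted. */
int entry_unlinkable_by(const struct stat *dir_st, const struct stat *ent_st, uid_t attacker)
{
    if (attacker == 0) return 1;
    mode_t need = (attacker == dir_st->st_uid) ? (S_IWUSR | S_IXUSR) : (S_IWOTH | S_IXOTH);
    if ((dir_st->st_mode & need) != need) return 0;
    if ((dir_st->st_mode & S_ISVTX) && attacker != ent_st->st_uid && attacker != dir_st->st_uid)
        return 0;
    return 1;
}

/* A directory is acceptable for a privileged handoff only if nobody but the trusted
 * owner (or root) can add, remove or rename entries in it. The sticky bit is deliberately
 * NOT treated as sufficient: it stops other users, not code running as the same uid. */
int dir_safe_for_handoff(const char *dir, uid_t trusted_owner)
{
    struct stat st;
    if (lstat(dir, &st) != 0 || !S_ISDIR(st.st_mode)) return 0;
    if (st.st_uid != trusted_owner && st.st_uid != 0) return 0;
    if (st.st_mode & (S_IWGRP | S_IWOTH)) return 0;
    return 1;
}

/* Create a brand-new file: O_EXCL refuses to reuse anything already at the path and
 * O_NOFOLLOW refuses a planted symlink. Returns fd, or -1 (errno EEXIST if occupied). */
int create_private_file(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
}

/* Open an existing file and verify the inode actually opened: fstat on the fd, never a
 * separate stat on the path, so there is no check-then-use window to race. */
int open_verified_file(const char *path, uid_t expected_owner)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != expected_owner ||
        st.st_nlink != 1 || (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Exercise the helpers. Returns 0 on success, otherwise a bitmask naming the failed step. */
int self_check(void)
{
    char dir[256], file[300], link[300];
    const char *base = getenv("TMPDIR");
    struct stat dir_st, ent_st;
    uid_t me = geteuid();
    int rc = 0, fd;

    /* Constructed stat values (not read from disk): attacker is uid 1000. */
    memset(&dir_st, 0, sizeof dir_st);
    memset(&ent_st, 0, sizeof ent_st);
    dir_st.st_mode = S_IFDIR | 0755;             /* root-owned, /usr/bin-like */
    if (entry_unlinkable_by(&dir_st, &ent_st, 1000)) rc |= 1;
    dir_st.st_mode = S_IFDIR | 0777;             /* world-writable, no sticky: root's file goes */
    if (!entry_unlinkable_by(&dir_st, &ent_st, 1000)) rc |= 2;
    dir_st.st_mode = S_IFDIR | S_ISVTX | 0777;   /* /tmp: sticky protects root's entry... */
    if (entry_unlinkable_by(&dir_st, &ent_st, 1000)) rc |= 4;
    ent_st.st_uid = 1000;                        /* ...but not an entry the same uid owns */
    if (!entry_unlinkable_by(&dir_st, &ent_st, 1000)) rc |= 8;

    /* Live checks in a scratch directory we own (mkdtemp creates it 0700). */
    snprintf(dir, sizeof dir, "%s/handoff-demo.XXXXXX", (base && *base) ? base : "/tmp");
    if (mkdtemp(dir) == NULL) return rc | 16;
    snprintf(file, sizeof file, "%s/tool", dir);
    snprintf(link, sizeof link, "%s/link", dir);

    if (!dir_safe_for_handoff(dir, me)) rc |= 32;
    if (chmod(dir, 01777) != 0 || dir_safe_for_handoff(dir, me)) rc |= 64;  /* /tmp-like */
    if (chmod(dir, 0700) != 0) rc |= 128;

    fd = create_private_file(file);
    if (fd < 0) rc |= 256; else close(fd);
    if (create_private_file(file) != -1 || errno != EEXIST) rc |= 512;      /* no reuse */

    if (symlink(file, link) != 0 || open_verified_file(link, me) != -1) rc |= 1024;
    fd = open_verified_file(file, me);
    if (fd < 0) rc |= 2048; else close(fd);
    if (chmod(file, 0666) != 0 || open_verified_file(file, me) != -1) rc |= 4096;

    unlink(link); unlink(file); rmdir(dir);
    return rc;
}

int main(void)
{
    int rc = self_check();
    if (rc == 0) printf("all checks passed\n");
    else printf("failed steps: 0x%x\n", rc);
    return rc != 0;
}
```

The point of `dir_safe_for_handoff` rejecting a 01777 directory is exactly the scenario Dave describes: the sticky bit keeps other users from unlinking your entry, but the attacker in that scenario is already running as you, so anything your app wrote to /tmp can be swapped out by it. The only thing that protects the handoff is a directory nobody else can write to, or, as the thread concludes, an IPC mechanism that never goes through the filesystem at all.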