Free Republic
Browse · Search 		General/Chat
Topics · Post Article

To: Swordmaker; SunkenCiv

ping - Macintosh mention


2 posted on 04/02/2005 7:10:31 PM PST by solitas (So what if I support a platform that has fewer flaws than yours? 'Mystic' dual 500 G4's, OSX.3.7)
[ Post Reply | Private Reply | To 1 | View Replies ]

To: Bush2000; antiRepublicrat; Action-America; eno_; N3WBI3; zeugma; TechJunkYard; ShorelineMike; ...
Possible Security exploit that MIGHT impact OSX... but it requires "root access" for the exploit to work.

Mac OS X behaves in a similar fashion to Windows: Given root rights kernel extensions can be loaded, which can then issue ATA commands.

The authors seem to be misctaking OSX's "root kernal rights" with OSX's Administrator level permissions ("as for Mac OS X, entering one's administrator password to install any old piece of shareware has become common practice..."). Activating "root" is a access level above OSX Administrator access which requires more than just entering the Administrator password.

This potential exploit presupposes the existance of an OSX virus that invades the system, elevation of access privileges, and finally the ability to mine the "Root level" access password IF Root access has been activated before the OSX system might be impacted.

Although I believe there is "no there, there" in this exploit, I am pinging the Mac Ping list to this article. They offer a "fix" that requires Mac users to activate Root... which could make one's Mac vulnerable to this and other exploits. That is not a good idea, to my mind.

In any case... PING!

If you want to be on or off the Mac Ping list, Freepmail me.

4 posted on 04/02/2005 10:24:42 PM PST by Swordmaker
[ Post Reply | Private Reply | To 2 | View Replies ]

Free Republic
Browse · Search 		General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson