Free Republic
Browse · Search 		General/Chat
Topics · Post Article

To: Swordmaker
> it requires physical possession of the target computer and Administrative access.

Okay, I'm stupid. I MUST be stupid because:

  1. Physical possession of a computer is GAME OVER for all computers. Period. That's common knowledge.

  2. Requires Administrative access, and THEN it "allows user privilege escalation"... you don't need an additional vuln. What am I not understanding here?
If you already have Admin access, you can do anything you want on the computer including give other normal users admin privilege.

Where's the story here?

3 posted on 07/22/2015 9:23:20 PM PDT by dayglored (Meditate for twenty minutes every day, unless you are too busy, in which case meditate for an hour.)
[ Post Reply | Private Reply | To 2 | View Replies ]

To: dayglored
Where's the story here?

I think it applies to the usual suspects.

Those that have a printed copy of the admin password under their desk blotter.
5 posted on 07/22/2015 9:40:26 PM PDT by PA Engineer (Liberate America from the Occupation Media. #2ndAmendmentMatters)
[ Post Reply | Private Reply | To 3 | View Replies ]
To: dayglored
Requires Administrative access, and THEN it "allows user privilege escalation"... you don't need an additional vuln. What am I not understanding here?

If you already have Admin access, you can do anything you want on the computer including give other normal users admin privilege.

What you're missing is that on a Mac, the Administrator account is not the highest level access. While I t's still limited, requiring name and password to do things and some things are still prohibited, the ROOT user is above Administrator level.

This vulnerability allows an admin to escalate his privileges by being able to open and write to ROOT-access-only files with impunity, regardless of what permissions are set on those files. That includes the files establishing who has access to what files, including ROOT files and who is a ROOT user! Privilege escalation from Admin to ROOT! Of course, on a Mac, the original Admin can create the first ROOT user and establish the ROOT password, so again, for most Mac users, this vulnerability is moot, because they could already do what it gives them the ability to do.

For some very limited number of Macs (I have trouble thinking of any, but it's possible) where an owner, who is the only one who knows the ROOT user name and password, has given admin privileges to one or two admins and some other users have only standard privileges, it might be a threat if one of the admins is too trustworthy. The it's an Oops!

7 posted on 07/22/2015 11:59:54 PM PDT by Swordmaker ( This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 3 | View Replies ]

Free Republic
Browse · Search 		General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson