Re: Remove all admin->root authorization prompts from OSX

haha, and I believe kev already had something to say on the topic  
when a n00b had previously posted that as a vuln in Mac OS X:

"Explain to me how this is a MacOS specific bug? I can duplicate this
behavior on my debian linux machine."

http://www.securityfocus.com/archive/1/395142/30/0/threaded

John
On Jan 25, 2007, at 6:34 PM, Marvin Simkin wrote:

> I respectfully disagree with this proposal and maybe we should  
> discuss it.
>
> Being a member of the admin group is NOT 100% equal to being root.  
> Therefore when you switch from admin group to uid=0 you are  
> escalating privileges. A trojan that gets control of an admin's  
> session should not be able to escalate itself to root without a  
> password prompt, which requires a human to decide (rightly or  
> wrongly...) yes I do want to increase the authority of this process.
>
> Sure, an admin should be smart enough not to get trojaned, but what  
> if they do anyway?
>
> Maybe a cracker could write a trojan that esclates itself using the  
> powers of the admin group, but why make it easier for those who  
> don't know how?
>
> The myth that it should be easy for uneducated users to expose  
> their computers to harm is one reason why certain other GUI  
> platforms have so many security problems.
>
>
> host:/tmp1 sysmsimkin$ id
> uid=505(sysmsimkin) gid=505(sysmsimkin) groups=505(sysmsimkin), 81 
> (appserveradm), 79(appserverusr), 80(admin)
> host:/tmp1 sysmsimkin$ ls -ld /tmp1
> drwxr-xr-x   3 501  admin  102 Jun 28  2006 /tmp1
> host:/tmp1 sysmsimkin$ mkdir /tmp1/tmp2
> mkdir: /tmp1/tmp2: Permission denied
> host:/tmp1 sysmsimkin$ /usr/bin/sudo /bin/bash
> Password:
> host:/tmp1 root# mkdir /tmp1/tmp2
> host:/tmp1 root# ls -ld /tmp1/tmp2
> drwxr-xr-x   2 root  admin  68 Jan 25 11:20 /tmp1/tmp2
> host:/tmp1 root# exit
> host:/tmp1 sysmsimkin$ rmdir /tmp1/tmp2
> rmdir: /tmp1/tmp2: Permission denied
> host:/tmp1 sysmsimkin$ /usr/bin/sudo /bin/bash
> host:/tmp1 root# rmdir /tmp1/tmp2
> host:/tmp1 root# exit
> host:/tmp1 sysmsimkin$
>
> More interesting (to me) why wasn't I prompted for a password the  
> second time? (Yes I know it was designed that way, I'm asking was  
> that the right decision.) Presumably there is a window of  
> vulnerability for a few minutes AFTER you have been root during  
> which you could fall victim to a trojan.
>
> -------------------------------------
> Marvin Simkin
> Planetary Geology Group
> School of Earth and Space Exploration
> Arizona State University
> http://simkin.asu.edu/
>
>
>
> -----Original Message-----
> From: K F (lists) [mailto:kf_lists@digitalmunition.com]
> Sent: Wed 2007-01-24 18:20
> To: bugtraq@securityfocus.com
> Subject: Remove all admin->root authorization prompts from OSX
>
> http://www.petitiononline.com/31337OSX/petition.html
>
> -KF