[22883] in bugtraq
Re: Mac OS X setuid root security hole
daemon@ATHENA.MIT.EDU (Chris Adams)
Wed Oct 17 17:21:32 2001
Date: Wed, 17 Oct 2001 14:00:33 -0700
Content-Type: text/plain; charset=US-ASCII; format=flowed
Mime-Version: 1.0 (Apple Message framework v472)
From: Chris Adams <chris@improbable.org>
To: bugtraq@securityfocus.com
Content-Transfer-Encoding: 7bit
In-Reply-To: <5.1.0.14.2.20011017124659.02820020@mail.biapo.com>
Message-Id: <011C6C99-C342-11D5-964B-0003931044DC@improbable.org>
On Wednesday, October 17, 2001, at 09:53 , rotaiv wrote:
> I can't recall if I have seen this on BugTraq so forgive me if this is
> an old issue.
>
> Try these steps on an OS X machine (not logged in as root)
>
> - Open up the terminal application
> - Quit the terminal application
> - Open up NetInfo Manager (leave it in the foreground)
> - Open up the Terminal application form the "Recent Items" list in the
> Apple Menu.
>
> You should now be logged in as root!
This also affects items in the Services menu (want a root text editor?),
which suggests
the entire menu handler runs as the effective userid.
Chris
