[30990] in bugtraq
Re: Another Mac OS X ScreenSaver Security Issue (after Security
daemon@ATHENA.MIT.EDU (Barry Fitzgerald)
Thu Jul 31 16:45:10 2003
Message-ID: <3F2976DB.2080902@sdf.lonestar.org>
Date: Thu, 31 Jul 2003 16:06:51 -0400
From: Barry Fitzgerald <bkfsec@sdf.lonestar.org>
MIME-Version: 1.0
To: bugtraq@securityfocus.com
In-Reply-To: <3F2967A9.1060408@mightye.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
MightyE wrote:
> If anything I'd call this a security consideration of Escape Pod.
> Perhaps Escape Pod should try to talk to the process it's about to
> kill, and get its 'permission' for killing, and failing a timely
> response (2 secs?), drop the program. ScreenSaverEngine would have to
> be tailored to respond to such a request.
>
> On Linux, doesn't xscreensaver run as root? Wouldn't this be another
> option here (I'm admittedly unfamiliar with Mac OS X), preventing
> Escape Pod from even being capable of terminating the screensaver
> process? Or does Escape Pod also run as root?
>
> If you ask me, Escape Pod owes it to their users to develop the
> product in such a way so to not nullify reasonable security measures
> on the part of the OS, even if that's an option to never terminate
> processes named ScreenSaverEngine.
>
> -MightyE
>
You read my mind on this one. However, one of the complaints I've heard
about having xscreensaver as a SUID root binary is that an exploitable
vulnerability (buffer overflow, et al) in the xscreensaver binary could
allow an attacker even greater elevated priviledges (much worse than
simply killing ScreenSaverEngine)... a solution to this would be running
the ScreenSaverEngine SUID some other user (like, oh, maybe
"screensaver")... and that should stop a usermode program from killing
the screensaver. Unless, as you mentioned, that usermode program were
running as SUID root - in which case I'd have to ask: Why in the name of
$DEITY are you running a program that can kill any process on the screen
as root?!?
-Barry
p.s. I don't have a Mac OS X system on hand nor do I have access to
one. I have no way to test the plausibility of this solution on that
particular system. :)
