[32257] in bugtraq
Re: Mac OS X vulnerabilities
daemon@ATHENA.MIT.EDU (Adam Shostack)
Fri Oct 31 16:23:01 2003
Date: Fri, 31 Oct 2003 12:46:56 -0500
From: Adam Shostack <adam@homeport.org>
To: James Kelly <macubergeek@comcast.net>
Cc: bugtraq@securityfocus.com
Message-ID: <20031031174656.GA33761@lightship.internal.homeport.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3C1C830E-0A74-11D8-A7DC-000393790D08@comcast.net>
You're commenting on 1 of 14 issues listed in
http://docs.info.apple.com/article.html?artnum=61798
I am perfectly capable of reading the CVE entries, and deciding, issue
by issue, if it's worth fixing, and if so, how to fix it. However,
being a security expert should not be a requirement for using a
commericial OS. If these issues are worthy of fixing, they should be
fixed in 10.2.8.
Adam
On Wed, Oct 29, 2003 at 07:58:54PM -0500, James Kelly wrote:
| This vulnerability is much ado about nothing
| It was caused by developers of shareware using third party installers
| which changed the permissions on certain
| directories of MacOS X.
|
| Problem largely solved with the increased use of Apple's installer
|
| AND
|
| problem is easily fixed by adding this command to a root cron job.
|
| diskutil repairpermissions /
|
| Above command can be run every day for your paranoia protection ;-)
|
|
| jamesk
|
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
