Fix Script for 5, 8, 15

William A. Carrel

Jan 17, 2007, 3:11:15 AM
to moab...@googlegroups.com
I've updated the bom-safety.py script I wrote for day 5 into a new
(more cleverly named) bom-shelter.py that makes permission changes
(and BOM file changes to make sure "repair permissions" doesn't make a
machine vulnerable again). It's at
http://www.carrel.org/files/bom-shelter.py. (Tack ".asc" at the end of
that URL for a detached PGP/GPG signature.)

#5: The BOM files' permissions are fixed up and /Library/Receipts (and
important descendants) get a sticky bit to prevent shenanigans.

#8: /Library/Frameworks gets a sticky bit to prevent Mallory from
replacing pieces executed as root inside
Application Enhancer.framework.

#15: The three suid programs in /Apps/Utilities mentioned in the
advisory are changed to not be admin-writable. This is also done to
/Applications/System Preferences.app/Contents/Resources/installAssistant
which has similar issues.

I found a couple other privilege escalation problems while working on
these. I've attempted vendor notification in both cases. One claims
the problem doesn't exist, the other has not responded yet...

--
wac
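
An added example, not part of the original message and not the bom-shelter.py script: a read-only audit for the two conditions the fixes above remove, namely shared-writable directories without a sticky bit and setuid/setgid files that a non-owner can write. The directory names in the sample tree are constructed stand-ins, and the function names and finding labels are hypothetical.

```python
import os
import stat
import tempfile

WRITABLE_BY_OTHERS = stat.S_IWGRP | stat.S_IWOTH  # e.g. writable by the admin group


def audit_tree(root):
    """Return sorted (finding, relative_path) pairs for risky modes under root."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):  # does not follow symlinks
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            mode = os.lstat(path).st_mode
            rel = os.path.relpath(path, root)
            shared = bool(mode & WRITABLE_BY_OTHERS)
            if stat.S_ISDIR(mode) and shared and not mode & stat.S_ISVTX:
                # Any writer can rename or replace entries owned by someone else.
                findings.append(("dir-writable-no-sticky", rel))
            elif stat.S_ISREG(mode) and shared and mode & (stat.S_ISUID | stat.S_ISGID):
                # A non-owner can rewrite a program that runs with elevated ids.
                findings.append(("setid-file-writable", rel))
    return sorted(findings)


def build_sample_tree():
    """Constructed sample tree (not real macOS paths) with weak and fixed modes."""
    root = tempfile.mkdtemp(prefix="perm-audit-")
    dirs = {
        "Receipts": 0o0775,    # weak: group-writable, no sticky bit
        "Frameworks": 0o1775,  # fixed: group-writable but sticky
        "Utilities": 0o0755,   # fixed: not group-writable
    }
    for name, mode in dirs.items():
        os.mkdir(os.path.join(root, name))
        os.chmod(os.path.join(root, name), mode)
    files = {"Utilities/weak-tool": 0o4775, "Utilities/fixed-tool": 0o4755}
    for rel, mode in files.items():
        path = os.path.join(root, rel)
        open(path, "w").close()
        os.chmod(path, mode)  # set the mode after creation so setuid sticks
    os.chmod(root, 0o0755)
    return root


if __name__ == "__main__":
    for finding, rel in audit_tree(build_sample_tree()):
        print(f"{finding}: {rel}")
```

Re-running the audit after a "repair permissions" pass shows whether the weak modes have come back.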
