Fix Script for 5, 8, 15

Skip to first unread message

William A. Carrel

Jan 17, 2007, 3:11:15 AM1/17/07
I've updated the script I wrote for day 5 into a new
(more cleverly named) that makes permission changes
(and BOM file changes to make sure "repair permissions" doesn't make a
machine vulnerable again). It's at (Tack ".asc" at the end of
that URL for a detached PGP/GPG signature.)

#5: The BOM files permissions are fixed up and /Library/Receipts (and
important descendants) get a sticky bit to prevent shenanigans.

#8: /Library/Frameworks gets a sticky bit to prevent Mallory from
replacing pieces executed as root inside Application

#15: The three suid programs in /Apps/Utilities mentioned in the
advisory are changed to not be admin-writable. This is also done to
/Applications/System which has similar

I found a couple other privilege escalation problems while working on
these. I've attempted vendor notification in both cases. One claims
the problem doesn't exist, the other has not responded yet...


Reply all
Reply to author
0 new messages