huge privilege escalation vulnerability in mac osx 10.5

Discussion in 'OT Technology' started by Limp_Brisket, Jun 21, 2008.

Thread Status:
Not open for further replies.
  1. Limp_Brisket

    Limp_Brisket New Member

    Joined:
    Jan 2, 2006
    Messages:
    48,422
    Likes Received:
    0
    Location:
    Utah
  2. P07r0457

    P07r0457 New Member

    Joined:
    Sep 20, 2004
    Messages:
    28,491
    Likes Received:
    0
    Location:
    Southern Oregon
    mac: it just works


    :nono:
     
  3. Peyomp

    Peyomp New Member

    Joined:
    Jan 11, 2002
    Messages:
    14,017
    Likes Received:
    0
    Ogre: He just doesn't work. And he resents it.
     
  4. P07r0457

    P07r0457 New Member

    Joined:
    Sep 20, 2004
    Messages:
    28,491
    Likes Received:
    0
    Location:
    Southern Oregon
    peyomp: sackride anything that is white, starts with a lowercase `i`, and doesn't come from microsoft.

    :mamoru:
     
  5. Peyomp

    Peyomp New Member

    Joined:
    Jan 11, 2002
    Messages:
    14,017
    Likes Received:
    0
    You spend a significant amount of time dissing macs because you feel bad about your discount PC and your shit OS. Its kind of pathetic. If anyone has a cock up their ass about something, its you and PCs. Jesus Christ.
     
  6. P07r0457

    P07r0457 New Member

    Joined:
    Sep 20, 2004
    Messages:
    28,491
    Likes Received:
    0
    Location:
    Southern Oregon
    I.R.O.N.Y.
     
  7. Limp_Brisket

    Limp_Brisket New Member

    Joined:
    Jan 2, 2006
    Messages:
    48,422
    Likes Received:
    0
    Location:
    Utah
    well this thread turned out productive...
     
  8. deusexaethera

    deusexaethera OT Supporter

    Joined:
    Jan 27, 2005
    Messages:
    19,712
    Likes Received:
    0
    Privilege escalation will always be a vulnerability. Even if you ask the user for permission using a secure dialog box that no app (not even system services) can interfere with, how do you know the user is trustworthy and informed? You don't. Even the Army's Perfectly Secure Kernel, which asks the user if it's okay to run every single operation, can't get around that problem.

    One thing that does bug me, though, is when I install something like iTunes and it creates a bunch of services running under the LocalSystem account without asking me, or at the very least, telling me that it's going to do that. Maybe I don't own an iPod, so maybe I don't need the iPodService and the iTunesHelper ticking away in the background with permissions higher than my own.

    EDIT: Can we get a mod with a pair of pruners up in this piece?
     
  9. piratepenguin

    piratepenguin New Member

    Joined:
    Jun 18, 2006
    Messages:
    1,067
    Likes Received:
    0
    Location:
    Ireland
    Is anybody going to actually make a case for Apple?

    Because I would feel violated to be using their OS after reading what the security experts always say about it, and especially their attitude.

    Seems like Apple were good to copy security, but that's as far as they go. :dunno:
     
  10. Doc Brown

    Doc Brown Don't make me make you my hobby

    Joined:
    Mar 31, 2006
    Messages:
    16,404
    Likes Received:
    0
    Location:
    Ohio
    I think the most interesting part is that it won't work on 10.4, but will work on 10.5.
     
  11. trouphaz

    trouphaz New Member

    Joined:
    Sep 22, 2003
    Messages:
    2,666
    Likes Received:
    0
    i don't know. anything that i've read by "security experts" about OSX was generally bullshit by people who favored Microsoft. i remember seeing some list that said OSX is less secure because they have a higher # of security bugs listed on some site. but, when you actually look at them, the bulk of the bugs were either 3rd party or were just place holder pages in case something came up. so, this idea of counting the number of issues was a bullshit way of saying which was more/less secure.


    this is obviously an issue, though.
     
  12. P07r0457

    P07r0457 New Member

    Joined:
    Sep 20, 2004
    Messages:
    28,491
    Likes Received:
    0
    Location:
    Southern Oregon
    That's simple reciprocity. For years people have been saying Windows was a shitty server OS, and they've been full of shit, imo. Windows has been a GREAT server OS. The people saying it wasn't were basing it on a list of hotfixes and other bullshit. Fuck that. I ran Windows NT/2000/2003 servers for many years without any problems. In fact, my Linux boxes have consistently given me more grief.

    I'm not saying Linux is bad. I'm simply saying that Windows isn't.
     
  13. P07r0457

    P07r0457 New Member

    Joined:
    Sep 20, 2004
    Messages:
    28,491
    Likes Received:
    0
    Location:
    Southern Oregon
    Nope. The mac sackriders will say that anyone calling OS X insecure is simply full of shit, but they won't back it up with anything scientific... The most I've heard is that they don't run AV and don't have spyware. The truth is that there ARE viruses and spyware for the mac, but it's not common. People who write viruses/spyware want exposure to the maximum potential of people -- and you simply don't write for the mac when you have those priorities :mamoru:
     
  14. deusexaethera

    deusexaethera OT Supporter

    Joined:
    Jan 27, 2005
    Messages:
    19,712
    Likes Received:
    0
    You can make a pretty good allegory to the tree that falls in the woods but nobody hears it -- if there's a hole in the OS and nobody exploits it, is it really a vulnerability? Thinking along that line, Windows is only insecure for the span of time between a hole being found and a patch being distributed. So all in all, yeah, it's pretty good as far as security; probably its biggest failing was that it used to not come with all the security options turned on, but they learned that lesson with Windows Server 2003.
     
  15. Peyomp

    Peyomp New Member

    Joined:
    Jan 11, 2002
    Messages:
    14,017
    Likes Received:
    0
    OS X is a great desktop OS, but I wouldn't trust it to host services on they internet unless I gutted the shit out of it. And even then - why? There's Linux/Solaris for that, which are better at that.

    For what it does - OS X is the most trouble free OS. Ask my spam free mother. But its no server.

    But thank you Mr. Ogre for bringing gay sex metaphors to this thread. You aren't actually capable of making two consistent posts without invoking cock-in-ass imagery, are you?
     
  16. P07r0457

    P07r0457 New Member

    Joined:
    Sep 20, 2004
    Messages:
    28,491
    Likes Received:
    0
    Location:
    Southern Oregon
    Oh shit, I forgot that email spam was a function of the desktop... oh wait... it's NOT. :ugh2:

    maybe i did, but I don't remember it.... when did I put my cock in your ass?
     
  17. Doc Brown

    Doc Brown Don't make me make you my hobby

    Joined:
    Mar 31, 2006
    Messages:
    16,404
    Likes Received:
    0
    Location:
    Ohio


    http://forums.offtopic.com/showpost.php?p=101199552&postcount=5

    [​IMG]
     
  18. Peyomp

    Peyomp New Member

    Joined:
    Jan 11, 2002
    Messages:
    14,017
    Likes Received:
    0
    What do you think sackride means, you bafoon? Like you don't get off on the image of a cock balls deep in someone's ass the 112 times each day you say that?
     
  19. Peyomp

    Peyomp New Member

    Joined:
    Jan 11, 2002
    Messages:
    14,017
    Likes Received:
    0
    Post 4 comes before post 5, last time I checked.
     
  20. P07r0457

    P07r0457 New Member

    Joined:
    Sep 20, 2004
    Messages:
    28,491
    Likes Received:
    0
    Location:
    Southern Oregon
    And post 3 comes before post comes before post 4, last time I checked.


    match point, and GAME. :wiggle:
     
  21. P07r0457

    P07r0457 New Member

    Joined:
    Sep 20, 2004
    Messages:
    28,491
    Likes Received:
    0
    Location:
    Southern Oregon
    to be honest, I don't really associate it with homosexuality. I mean if that's what does it for you, then I won't judge... just saying it's not what immediately pops into my mind.
     
  22. Limp_Brisket

    Limp_Brisket New Member

    Joined:
    Jan 2, 2006
    Messages:
    48,422
    Likes Received:
    0
    Location:
    Utah
  23. Doc Brown

    Doc Brown Don't make me make you my hobby

    Joined:
    Mar 31, 2006
    Messages:
    16,404
    Likes Received:
    0
    Location:
    Ohio
    I believe you were the first to actually use the terms ass and cock, sir.
     
  24. Doc Brown

    Doc Brown Don't make me make you my hobby

    Joined:
    Mar 31, 2006
    Messages:
    16,404
    Likes Received:
    0
    Location:
    Ohio
  25. Peyomp

    Peyomp New Member

    Joined:
    Jan 11, 2002
    Messages:
    14,017
    Likes Received:
    0
    What imagery is sackrider supposed to invoke, exactly, if not a cock in an ass balls deep?

    Sir?
     
Thread Status:
Not open for further replies.

Share This Page