|
|
Create a Sandbox for apps using folder actions
When an application opens another application, the latter runs as the current logged-in user (you), not as the testuser
that's a surprise, I did not know setuid worked that way. In any case this means this is not secure since it can get out of it's sandbox and run arbitrary shell scripts. Of course it will probably defeat either badly written dangerous programs or most garden variety malicious programs, neither of whic is likey to make the effort needed to get out of the sandbox.
Create a Sandbox for apps using folder actions
This is actually done for security.
Create a Sandbox for apps using folder actions
That would be because it doesn't work that way. Once you run a setuid program, it, and anything it spawns runs as that user. It can't change back to your userid unless you've set it to run setuid root, and the hint explicitly mentions running the sandboxed applications as an unprivileged test user, not as root.
Create a Sandbox for apps using folder actions
SOX wrote:
I did not know setuid worked that way.
Actually, it's the same with and that's right. Same here. I suspect that the applications launch each other via a system call or something that resets the privileges to the logged-in user. Hasn't there recently been talk about something called LaunchServices in connection with the current URL security flaw in Panther? Maybe you could tweak those with an APE haxie or something to keep spawned processes in the Sandbox, but I'm not sure. Anyone got an idea?
SOX wrote:
In any case this means this is not secure since it can get out of it's sandbox and run arbitrary shell scripts. Exactly the problem. I am hoping since so many people are reading this, someone will come up with an idea on how to prevent apps from escaping. |
SearchFrom our Sponsor...Latest Mountain Lion HintsWhat's New:HintsNo new hintsComments last 2 daysLinks last 2 weeksNo recent new linksWhat's New in the Forums?
Hints by TopicNews from Macworld
From Our Sponsors |
|
Copyright © 2014 IDG Consumer & SMB (Privacy Policy) Contact Us All trademarks and copyrights on this page are owned by their respective owners. |
Visit other IDG sites: |
|
|
|
Created this page in 0.14 seconds |
|