Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Font Book and a font installation security issue' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Font Book and a font installation security issue
Authored by: rhowell on Nov 03, '04 08:18:10PM
Instead of Quitting Font Book and restarting it multiple times, why don't you just Repair Permissions?

You are scaring people! The owner of /Library/Fonts is root, the group is admin, and anyone else can only read the contents of the folder. Check for yourself, after repairing permissions.

[ Reply to This | # ]
Font Book and a font installation security issue
Authored by: dmmorse on Nov 03, '04 09:07:35PM

Have you even tried examining the substance of the hint before jumping to criticism and conclusions? By your comment, it does not sound as if you have.

FYI, I just repaired permissions three days prior (with no repairs being needed) when installing the latest version of QuickTime.



[ Reply to This | # ]
Here is a good test
Authored by: mzs on Nov 04, '04 09:48:27AM
Login to the non-admin user on the machine
Start Terminal.app
At the Terminal prompt enter the following command:

id

After that, do this command at the prompt:

ls -ld / /Library /Library/Fonts

Then post the output of both of those commands and it will be imediately clear to me (and others too) whether this is problem with permissions or something else.

Let's stop scaring people if there is no need to :)

[ Reply to This | # ]

Here is a good test
Authored by: dmmorse on Nov 04, '04 12:36:07PM
Here's the information you asked for:

uid=501(username) gid=501(username) groups=501(username), 20(staff)

and

drwxrwxr-x  44 root  admin  1496 31 Oct 09:25 /Library
drwxrwxr-x  40 root  admin  1360  1 Nov 22:52 /Library/Fonts

Note: for my own protection, I replaced my actual username with "username". Nothing in the above indicates that a non-administrative account should be able to write to /library/fonts/. However, if the gurus out there tell me the problem is on my end, please let me know so I can 1) fix it and 2) ask Rob to remove the hint.

As a follow up to my original hint, I admit I did jump the gun as far as the default installation is concerned. I deleted the fontbook.plist file and started up FontBook again. The default installation was install "for me only", but any user can select the option "for all users" and install a font in /library/fonts/.

[ Reply to This | # ]

Thanks
Authored by: mzs on Nov 04, '04 01:49:41PM

That output indicates that nothing was amiss about the permissions. So that simple hypothesis of why a non-admin user was able to add system fonts seems debunked.



[ Reply to This | # ]