Font Book and a font installation security issue
Authored by: Mendenhall on Nov 04, '04 04:40:07PM

I am replying at the top level to this comment, even though my reply is partially in response to various replies in other threads.

I have observed an odd phenomenon under 10.3 which may explain why you were able to install fonts in an admin-only access folder without authenticating. I have observed an apparent bug in the authorization which results in the Finder launching applications _as privileged apps_ after you have used the Finder to carry out some privileged operation itself. It has happened so rarely that I do not know what sequence of events leads to it.

A typical scenario is as follows:
I am logged in as a non-admin user. I have, however, been doing some admin actions with the Finder, requiring me to authenticate as the admin user. I then run (for example) an installer, which _successfully_ copies an application into /Applications (for example) or /System/Library _without the installer asking me to authenticate_. When I look at the installed/copied data/program, it has not only been installed into a folder that I currently should not have permissions for, it is installed with the owner set to my admin user (not my logged in user)!

Apparently, sometimes authenticating the Finder as an admin user (when the currently logged in user isn't admin) is dangerously sticky. I was able to launch almost any application from the Finder, once this mode got set, and use it to save in a privileged area. Once I logged out and back in, the capability disappeared, and these programs no longer were able to do this.

The comment in one thread about checking your current id is one of the things I did from a terminal window. It was perfectly normal. However (as I pointed out above), I had the temporary ability to launch GUI apps and write data to admin-owned folders, and the data was being written with ownership of my administrator, so clearly the Finder was launching apps with the sticky authentication. I did not think, at the time, to do 'ps axj' on the apps to see the uid they were using, but I strongly suspect I would have seen they were launched as the admin 501, rather than as my user (502).

This is really a warning against taking advantage of the fact that the Finder will let a non-admin user enter an admin name and password to do admin things. Apparently, once you have done this there is some chance it will remain sticky for your current login session. Since I often remain logged in for many days or weeks (I just fast-switch to a locked screen when I quit), I could easily be carrying around permissions I no longer want for a long time.

If you want to administer, the safest thing is to really log in as admin, and log out when done. I suspect that the author of this main thread saw the same issue I am describing: at some time in the past, the logged in session had been authenticated for some administrator action, and it was stuck in that mode.




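The process check the comment mentions can be scripted. The following is an added example, not part of the original comment: it filters `ps` output for processes owned by a human account other than the logged-in user, such as apps running as admin 501 in a session that belongs to user 502. The helper names and the sample listing are constructed, the input format is assumed to be that of `ps -axo uid,pid,ppid,command`, user accounts are assumed to start at UID 501, and processes belonging to other fast-user-switched sessions will be listed as well.

```shell
#!/bin/sh
# Added example (not from the original comment).
# Flags processes owned by a human account other than the expected login user.
# Assumed input: output of `ps -axo uid,pid,ppid,command` (header line + rows).

# Hypothetical helper: $1 = UID of the logged-in user, ps output on stdin.
# Prints "uid pid command" for every process that belongs to a different user.
flag_foreign_uid() {
    awk -v want="$1" '
        NR == 1        { next }   # skip the header line
        $1 + 0 < 500   { next }   # system and daemon accounts; assumes user UIDs start at 501
        $1 + 0 != want + 0 {
            cmd = $4
            for (i = 5; i <= NF; i++) cmd = cmd " " $i   # rejoin paths containing spaces
            printf "%s %s %s\n", $1, $2, cmd
        }'
}

# Constructed sample: a session for user 502 in which one app runs as admin 501.
sample_ps() {
    cat <<'EOF'
  UID   PID  PPID COMMAND
    0     1     0 /sbin/init
  502   310   150 /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder
  501   412   150 /Applications/Font Book.app/Contents/MacOS/Font Book
  502   420   150 /Applications/TextEdit.app/Contents/MacOS/TextEdit
EOF
}

# Demo on the constructed sample, checking against the logged-in UID 502.
sample_ps | flag_foreign_uid 502

# Live use on a real session:
#   ps -axo uid,pid,ppid,command | flag_foreign_uid "$(id -u)"
```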