Os X - Security Flaw?

[TehFallen]

Just saw something interesting last night. I was working in Xcode on an imac running OSX version 10.6.2. I had a project open it's location being Volumes/My Book/xcode/sourcecode/xcode/project.xcoddeproj (yes the path is wonderfully descriptive) but anyways I was running into some compiling problems i'd never run into before and was using the new xcode for the first time. a quick google suggested removing spaces in my path name so i just went to finder and renamed my external hdd from "My Book" to "MyBook." Then went back to xcode and hit compile. Of course errors out the wall, I had just changed the file path of an open project. What an idiot. It started asking me if i wanted to resave my open files where too etc. I don't actually remember what all i clicked before I realized that it had messed up because of the path. Well today I get on and I go to my volumes folder and was gunna add a shortcut there name "My Book" to link to "MyBook" so all my other shortcuts on my dock, etc still worked. Simple enough. Well I get to the Volumes folder an woah there's a folder there called "My Book". Now everything i'd done was on a standard account that doesn't have write access to the Volumes folder. I can't delete the "My Book" folder without admin privileges, can't change it or anything. It's empty but that's probably because I aborted the compiling process before it could write out everything. So I was thinking...would it be possible to put together an xcode project, one that had certain target files, files you wanted overwritten, say system preference files, etc. Make them a target and compile your xcode project. Somehow it gets privileges and can write to places your user can't. Could be interesting. Maybe it could also set certain resources as files and when you release-deploy it'll package those files in your dmg, in a format you could read. Not sure if any of this is plausible, just something interesting that i'll be testing later.

[StarchyPizza]

Well if your coding things yourself, you can usually make anything happen. But there is always another way to uncover the file

[TehFallen]

Well yes but the point is not that. With a restricted account, this account even has parental controls enabled, xcode was able to write to a location that the user has no access to. Not saying it's completely possible but with experimentation you might be able to exploit it to write any file over any location. Adding all sorts of things. Overwriting host files, network sharing preferences, and maybe even get to the point of gaining a root shell for a person that began with no privileges at all. Though I could be totally wrong and deserve the title 'Newbie'

[Infiltrator]

Well yes but the point is not that. With a restricted account, this account even has parental controls enabled, xcode was able to write to a location that the user has no access to. Not saying it's completely possible but with experimentation you might be able to exploit it to write any file over any location. Adding all sorts of things. Overwriting host files, network sharing preferences, and maybe even get to the point of gaining a root shell for a person that began with no privileges at all. Though I could be totally wrong and deserve the title 'Newbie'

Though it is possible to gain elevated privileges on a limited account, that will be a bit tricky to do that.

[barry99705]

Though it is possible to gain elevated privileges on a limited account, that will be a bit tricky to do that.

You have physical access to the machine. All you need is the os install disk, it has all the tools you need.