Jump to content

Os X - Security Flaw?


TehFallen

Recommended Posts

Just saw something interesting last night. I was working in Xcode on an imac running OSX version 10.6.2. I had a project open it's location being Volumes/My Book/xcode/sourcecode/xcode/project.xcoddeproj (yes the path is wonderfully descriptive) but anyways I was running into some compiling problems i'd never run into before and was using the new xcode for the first time. a quick google suggested removing spaces in my path name so i just went to finder and renamed my external hdd from "My Book" to "MyBook." Then went back to xcode and hit compile. Of course errors out the wall, I had just changed the file path of an open project. What an idiot. It started asking me if i wanted to resave my open files where too etc. I don't actually remember what all i clicked before I realized that it had messed up because of the path. Well today I get on and I go to my volumes folder and was gunna add a shortcut there name "My Book" to link to "MyBook" so all my other shortcuts on my dock, etc still worked. Simple enough. Well I get to the Volumes folder an woah there's a folder there called "My Book". Now everything i'd done was on a standard account that doesn't have write access to the Volumes folder. I can't delete the "My Book" folder without admin privileges, can't change it or anything. It's empty but that's probably because I aborted the compiling process before it could write out everything. So I was thinking...would it be possible to put together an xcode project, one that had certain target files, files you wanted overwritten, say system preference files, etc. Make them a target and compile your xcode project. Somehow it gets privileges and can write to places your user can't. Could be interesting. Maybe it could also set certain resources as files and when you release-deploy it'll package those files in your dmg, in a format you could read. Not sure if any of this is plausible, just something interesting that i'll be testing later.

Link to comment
Share on other sites

Well yes but the point is not that. With a restricted account, this account even has parental controls enabled, xcode was able to write to a location that the user has no access to. Not saying it's completely possible but with experimentation you might be able to exploit it to write any file over any location. Adding all sorts of things. Overwriting host files, network sharing preferences, and maybe even get to the point of gaining a root shell for a person that began with no privileges at all. Though I could be totally wrong and deserve the title 'Newbie'

Link to comment
Share on other sites

Well yes but the point is not that. With a restricted account, this account even has parental controls enabled, xcode was able to write to a location that the user has no access to. Not saying it's completely possible but with experimentation you might be able to exploit it to write any file over any location. Adding all sorts of things. Overwriting host files, network sharing preferences, and maybe even get to the point of gaining a root shell for a person that began with no privileges at all. Though I could be totally wrong and deserve the title 'Newbie'

Though it is possible to gain elevated privileges on a limited account, that will be a bit tricky to do that.

Link to comment
Share on other sites

  • 2 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...