TalkBack 17 of 51:
What?
"Read the article dude."

My post was about the poor quality of the journalism. The
article, based on a post to an unmoderated mailing list, is
not a good source.

"Only until the user then logs in as admin. After the user
does that, the widget has full control of the machine."

If the user is a member of the admin group then any code,
or widget, will have admin group privileges, which includes
the ability to run sudo. If the user, or a user's process,
executes sudo then other processes are able to use the
elevated permissions due to the configuration of sudo in
MacOSX.

If the user isn't (i.e. just a member of staff) then s/he will run
in the restricted environment and doesn't have access to
sudo (removing this "vulnerability" and many others).

If a restricted user requires temporary administrator
permissions (e.g. like running "Software Update") then that
process makes calls via
[url=http://developer.apple.com/documentation/Security/Conceptual/authorization_concepts/index.html#//apple_ref/doc/uid/TP30000995]Authorization Services[/url].

Hope this helps.
Posted by: Richard Flude   Posted on: 05/22/05
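
An added example, not part of Richard Flude's post: a check of the sudo configuration the post refers to, reporting whether one successful sudo authentication can be reused by the user's other processes. It assumes the behaviour in question is sudo's credential caching, governed by the sudoers options `timestamp_timeout` and `tty_tickets` (the post does not name them); the sample sudoers text and the fallback defaults are constructed.

```python
import re

# Constructed sample sudoers text (not copied from any real system).
SAMPLE_SUDOERS = """\
# constructed sample
Defaults env_reset
Defaults timestamp_timeout=5, !tty_tickets
%admin ALL=(ALL) ALL
"""

def parse_defaults(text):
    """Collect global 'Defaults' settings; later entries override earlier ones.
    Simplification: quoted values containing commas are not handled."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"Defaults\s+(.+)$", line)      # skips Defaults:user etc.
        if not m:
            continue
        for item in m.group(1).split(","):
            item = item.strip()
            if item.startswith("!"):
                settings[item[1:].strip()] = False   # negated boolean flag
            elif "=" in item:
                key, value = item.split("=", 1)
                settings[key.strip()] = value.strip()
            elif item:
                settings[item] = True
    return settings

def audit_ticket_caching(text, assumed_timeout=5, assumed_tty_tickets=False):
    """Return findings about sudo credential caching.
    The assumed_* fallbacks are assumptions for when sudoers is silent;
    confirm the real compiled-in defaults with `sudo -V` run as root."""
    s = parse_defaults(text)
    timeout = float(s.get("timestamp_timeout", assumed_timeout))
    tty_tickets = s.get("tty_tickets", assumed_tty_tickets)
    findings = []
    if timeout != 0:
        findings.append("timestamp_timeout=%g: sudo is reusable without a password after one authentication" % timeout)
        if not tty_tickets:
            findings.append("tty_tickets off: the cached authentication is shared by all of the user's processes")
    return findings

if __name__ == "__main__":
    for finding in audit_ticket_caching(SAMPLE_SUDOERS):
        print(finding)
```

Setting `Defaults timestamp_timeout=0` makes sudo ask for the password on every invocation, which clears both findings.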
