Month of Apple Bugs - Day 5

05 Jan 2007, 19:24 PST

Ever feel like you're watching a game of table tennis? I've never been very good at the game ...

Today's Month of Apple Bugs issue permits a local admin account to gain root access, without any user interaction (ie, an authorization dialog), by exploiting a combination of vulnerable disk permissions and Disk Utility's repair permissions functionality.

When coupled with a remote exploit, such as the Month of Apple Bug's Quicktime RTSP URL Handler vulnerability (patched in the current Moab Ape), today's bug could allow the remote exploit to gain immediate root without any user interaction.

Due to the nature of the bug, a safe runtime patch is not viable without modifying on-disk file permissions.

If you'd still like to protect yourself, the Month of Apple Bugs project provides a temporary work-around in their advisory:

sudo chmod -s /System/Library/PrivateFrameworks/DiskManagement.framework/Resources/DiskManagementTool

This may have an impact on other Disk Utility functions -- you can reverse the work-around as follows:

sudo chmod +s /System/Library/PrivateFrameworks/DiskManagement.framework/Resources/DiskManagementTool

Update on the QuickTime Cross-Zone Issue

I'm pleased as punch to report that the terrific WebKit team is looking into the issue.

Darwin ... Ports! Ports!

A number of publications have done the architects of Darwin a disservice by stating that I'm "one of the principal architects of Apple's BSD-based Darwin operating system core". I just want to set the record straight: I originally wrote DarwinPorts (now MacPorts), with Kevin Van Vechten and Jordan Hubbard. Darwin was architected by minds far brighter than my own.