Slashdot Mirror


Apple Responds to Exploit

Dave Schroeder writes, "This isn't so much of a root vulnerability as a default configuration that trusts the integrity of the local network services. This functionality has been around since NeXTSTEP, and is designed to allow for auto-configuration of new servers/machines brought into the network. The quick 'fix' for the vast majority of users who choose to implement it is to uncheck LDAPv3 and NetInfo altogether in Directory Access. Or, if LDAP services are used, just uncheck 'Use DHCP-supplied LDAP Server' in LDAPv3. ... One could argue that these features should be off by default, but if they are, it kind of wrecks the whole auto-configuration scheme." This sounds related to a great new feature in Mac OS X Server 10.3/Xserve called "automatic setup" that -- for machines that come with it preinstalled -- will get their address and LDAP server via DHCP and look for configuration files, and automatically configure the entire server, without any interaction beyond plugging it into the network and turning it on.

23 of 351 comments

  1. Who will watch the watchers? by Crypto+Gnome · · Score: 5, Insightful

    Realistically, an issue trusting the LDAP server that your DHCP server points you at?

    What is the world coming to?

    Do I need to manually verify every single setting supplied to me by my DHCP server because I don't trust it?

    These days, the internet is not a safe place, we all need to be more than just a little paranoid - but are you paranoid enough?

    --
    Visit CryptoGnome in his home.
    1. Re:Who will watch the watchers? by Anonymous Coward · · Score: 5, Interesting

      Still, i strongly disapprove of the way you went about releasing your exploit.

      You should know damn well that the solution to this problem is far from being a simple patch to a piece of C code to plug a stupid buffer overflow vulnerability. People who expect, and, like you did, demand a solution to this problem within days or weeks, are people who blindly refuse to acknowledge the challenges surrounding the development of an appropriate and comprehensive solution. We are talking here about removing functionality from the DHCP protocol that had been taken for granted for years. Or significantly patching it to add a slew of warning dialog boxes, which are all usability enhancements. A short-term fix might need to be evaluated vs a longer-term fix. You don't develop this in days. it takes time.

      if you had any clue about processes surrounding software development, especially intricacies behind design and development of user interface updates, there is just no way in hell you would have published your advisory, much less with a working exploit. A December time frame would have been perfectly reasonable and you fucking know it.

      Now thanks to your dumbass move, chances are you've just cornered Apple into releasing an update that only solves problems partially.

      The Panther code base and user interface had been locked-down and tested way before your advisory. This would have required a major change in the code, delayed testing certification, and subsequently launch, for a security issue that is, after all, not even close to being remotely as bad as other issues found earlier. More on that later. Shortly after Apple had to address more urgent security issues in 10.2.8. You can't hold against them the fact that they didn't just "include this fix" with either 10.2.8 or Panther, why? Simple: AGAIN, the solution to this problem is NOT, and i fucking repeat NOT a simple code patch, unlike most security issues which usually revolve around buffer-overflow security exploits.

      Why is this problem "not so bad after all"? Simple. While many people refer to it as a "remote exploit", i'd like to strongly qualify this term and get people to understand that this exploit will not, absolutely NOT, allow just about anyone on the internet to "own your box". You can only get infected if you happen to plug your computer on a LOCAL AREA NETWORK with one or more "evil hosts", that could subsequently try to own you. But think, my friend, think hard: WHAT ARE THE FUCKING ODDS of this happening? Even if it does, it's not like some evil internet worm could sneak around and wreak havoc on the whole internet. Each infection can only max out at hundreds of machines at a time, and always be localized to a fairly specific, restricted geographical location, and in most cases the source of the exploit could be located and terminated.

      The point i'm trying to make here is that YES, Apple did miss their original November release date but fairly promptly gave you a new December release date. You should fucking know by now that the fix to this problem is not trivial and could have waited another 30 days from the day you released your advisory.

  2. It's still an exploit by Anonymous Coward · · Score: 5, Insightful

    No matter what sort of spin Apple puts on it, it's still retarded of them to trust LDAP to the point that UID=0 is trusted to be root.

    Still, I don't think that this exploit is really that easy to take advantage of... the circumstances which would lead to it are fairly limited for now (until WiFi is as pervasive as air, anyway).

  3. Yikes! by Quasar1999 · · Score: 5, Funny

    This is horrible... First the machine comes with a pre-configured backdoor/exploit, and they want to leave it like this? Second, if you can just plug in the machine in a network, and have it totally configure itself, you've just killed a job for an IT guy... and we need all the jobs we can get...

    Oh, wait... once the new machine gets owned by some script kiddies, then the IT guy gets called... okay... phew... nearly thought that a job was eliminated... nevermind... as you were... ;)

    ---
    Programming is like sex... Make one mistake and support it the rest of your life.
  4. It's not about the exploit... by danielrm26 · · Score: 5, Interesting

    ...it's about *how it's handled*.

    All software is, and will continue to be for the foreseeable future, vulnerable. The question for the users and security people is, "How will company x handle themselves when a vulnerability is discovered in their product?"

    This question, and its answer, is the most important issue when deciding who you trust with your data.

    --
    dmiessler.com -- grep understanding knowledge
  5. much ado about nothing by b17bmbr · · Score: 5, Interesting

    really, from apple's docs, you have to have a malicious dhcp server on your subnet. of course, someone could bring a rogue box into work, but this isn't on par with ms exploits. wouldn't a simple mac address filter at the switch level take care of all this? yeah, you could install dhcpd on your authorized client, but this should also be a fairly easy thing to detect. i think apple is right, it's a configuration level solution.

    --
    My problem? I was perfectly gruntled, until some numbnuts came by and dissed me.
  6. Re:Finally... by Jonny+Ringo · · Score: 5, Funny

    Yeah but their explanation seems like they are talking with you, instead of at you.

    I feel like Steve Jobs just bought me a drink and explained the problem, then gave me a hug when it was time to go home.
    I'll miss him.

  7. Wireless attacks on local networks by Mundocani · · Score: 5, Insightful

    In many discussions, people downplay the importance of exploits like these because the attacker has to be on your local network to take advantage of the security hole. What about all of the mis-configured (or deliberately) open wi-fi networks out there? I think that wireless networking has changed the importance of "local exploits" by allowing somebody passing by to become a local entity on an open wi-fi network.

  8. No worse than DHCP itself by clasher · · Score: 5, Insightful

    This problem seems little worse than other problems related to DHCP. If someone had access to your subnet and was able to configure a rogue DHCP server (e.g. to exploit the OS X ldap bug) they could just as easily return a rogue proxy as the default gateway or a tainted DNS server. If you are not vigilant about SSH warning messages or best practices you could be connecting to a server which is just recording your password and passing it along to the real server.

    There may be something I am missing, but this does not seem to be a problem with Mac OS X as much as it is with DHCP. DHCP in its simplest form is not secure. Using DHCP on a subnet requires trust. As with any other kind of security you will have to trust something, whether it is your computer or your home network.

    I hope people do not blow this bug out of proportion too much.

    1. Re:No worse than DHCP itself by jcr · · Score: 5, Informative

      THIS hole (and it is a hole, not a bloody feature, IMHO), grants anyone on your subnet r00t access on your MAC.

      Not exactly. They'd still need either 1) physical access to your machine to log in, or 2) for you to have turned on incoming ssh access (the default configuration doesn't allow remote login.)

      So, this is a problem if someone's able to get to your subnet and set up a rogue LDAP server, *and* you've turned on a service that isn't on by default. It's not a way for j.random script kiddie in Oklahoma to own you.

      -jcr

      --
      The only title of honor that a tyrant can grant is "Enemy of the State."
  9. Speaking of Apple bugs... by iamdrscience · · Score: 5, Interesting

    A friend of my brother's recently found this one in OSX: Link to his blog entry about it

    Not SO bad, but could be bad, and it's considerably more dangerous for known Unix nerds.

  10. Re:Home vs. Work by Rahga · · Score: 5, Insightful

    Besides, if it's possible for someone to sneak a compromised DHCP server on your network, you're basically screwed anyway.

    The janitors in my bank building could probably do this on multiple networks on multiple floors with ease. Heck, just drop a decently modded dreamcast under a secretary's desk or anywhere you can find an ethernet drop and weak switching.

  11. Re:Honestly.. by TheBillGates · · Score: 5, Funny

    You fool, have you even tried using a Mac lately? No? Just what I thought.

    I'm a tech support (24+ years) who will have nothing but Macs in my house. Why? Because they work, don't crash, and my wife and son can't fuck them up.

    After spending all day fixing other people's computer problems, the last thing I want to do at home is fix my own.

    I'll stick with Macs.

  12. Oh... by MiniChaz · · Score: 5, Funny

    This sounds related to a great new feature in Mac OS X Server 10.3/Xserve called "automatic setup" that -- for machines that come with it preinstalled -- will get their address and LDAP server via DHCP and look for configuration files, and automatically configure the entire server, without any interaction beyond plugging it into the network and turning it on.

    Slashdotter A: "Are we being sarcastic?"

    Slashdotter B: "I can't even tell anymore."

  13. Re:It's an old argument by cgenman · · Score: 5, Insightful

    I'd find the "Microsoft security vulnerabilities are the fault of ease-of-use" argument a little more valid if Microsoft's software were actually vulnerable due to useful features.

    For example, the messenger service isn't used by anyone but spam senders, e-mail scripting was never a useful device to anyone, and a fragile, naked file system doesn't lend itself to easy usage anyway. A web browser that can be told to run arbitrary code due to a buffer overflow is not vulnerable because it is easy to use, but because it is poorly written. The autodetection of hardware and updating of drivers is very easy to use, and has (as far as I know) never been the source of an exploit.

    You can both have security and ease-of-use... Just design a closed system with very limited purposes. A Hub, for example, is extremely easy to use, and has few possible points of security vulnerability. Routers, on the other hand, are frequently a bit archaic in their setup and get hacked all of the time.

    That's not to say that your point is invalid, but that there are other factors involved... Flexibility, control, effort, etc.

    I guess the point of this is that if I have to re-install windows or edit the registry again before Christmas I'm buying myself an iMac.

  14. Re:Home vs. Work by wolrahnaes · · Score: 5, Informative

    Besides, if it's possible for someone to sneak a compromised DHCP server on your network, you're basically screwed anyway.

    I have mod points, but I had to respond.

    This is so true. Many organizations beyond a few (10-20 or so) computers do not have good physical security. Anyone can easily place a rogue node on a network and wreak havoc.

    This happened recently at my school. Someone set up a DHCP server that responded faster than the school's Netware systems could. This seemed to be accidental because the configuration was all over the place, and didn't work at all. The techs have been investigating this for a few weeks and I'm not sure if they have found it yet.

    While my above example didn't cause any harm, imagine if someone was to set up a DHCP system and also took advantage of IE's "autodetect proxy settings" feature. They could be almost undetectable, yet be able to log all Internet traffic by redirecting the proxy and default gateway through their box.

    --
    I used to get high on life, but I developed a tolerance. Now I need something stronger.
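
The rogue-DHCP detection that comments 5 and 14 talk about, as an added example (not part of the original thread or any poster's code): it parses captured DHCP replies, flags any that come from a server outside an allowlist, and flags any reply that hands the client an LDAP server. The allowlisted address, the constructed sample packets, and the use of option 95 (the code IANA lists for LDAP) carrying a URL string are assumptions.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_MSG_TYPE, OPT_SERVER_ID, OPT_LDAP = 53, 54, 95
DHCPOFFER, DHCPACK = 2, 5
# Assumption: the site's only legitimate DHCP server (documentation address).
AUTHORIZED_SERVERS = {"192.0.2.1"}


def parse_options(payload: bytes) -> dict:
    """Return {option code: raw value} for a DHCP message (UDP payload)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:  # end option
            break
        if code == 0:  # pad option, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = value
        i += 2 + length
    return opts


def audit_reply(payload: bytes) -> list:
    """Return findings for one server reply; an empty list means it is clean."""
    opts = parse_options(payload)
    msg_type = (opts.get(OPT_MSG_TYPE) or b"\x00")[0]
    if payload[0] != 2 or msg_type not in (DHCPOFFER, DHCPACK):
        return []  # not a BOOTREPLY carrying an offer or ack
    sid = opts.get(OPT_SERVER_ID, b"")
    server = str(ipaddress.IPv4Address(sid)) if len(sid) == 4 else "unknown"
    findings = []
    if server not in AUTHORIZED_SERVERS:
        findings.append(f"reply from unauthorized DHCP server {server}")
    if OPT_LDAP in opts:
        url = opts[OPT_LDAP].decode("ascii", "replace")
        findings.append(f"server {server} supplies LDAP directory {url}")
    return findings


def build_reply(server_ip: str, ldap_url: str = "") -> bytes:
    """Construct a sample DHCPOFFER for the checks below (not a capture)."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0, bytes(4),
        ipaddress.IPv4Address("192.0.2.50").packed, bytes(4), bytes(4),
        bytes(16), bytes(64), bytes(128))
    opts = bytes([OPT_MSG_TYPE, 1, DHCPOFFER, OPT_SERVER_ID, 4])
    opts += ipaddress.IPv4Address(server_ip).packed
    if ldap_url:
        opts += bytes([OPT_LDAP, len(ldap_url)]) + ldap_url.encode("ascii")
    return header + MAGIC_COOKIE + opts + b"\xff"


if __name__ == "__main__":
    rogue = build_reply("198.51.100.66", "ldap://198.51.100.66/dc=example,dc=com")
    for line in audit_reply(build_reply("192.0.2.1")) + audit_reply(rogue):
        print(line)
```

Fed from a capture of UDP port 67/68 traffic, the LDAP finding is worth reviewing even when the server is on the allowlist, since it shows which clients would pick up a directory through DHCP.
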
  15. Re:It's an old argument by Catnapster · · Score: 5, Funny

    No, the parent is right. The security holes in MS products are all about ease-of-use; just to the cracker, though, not the user.

    --
    The world can be wrong today for once.
  16. Re:It's an old argument by Maserati · · Score: 5, Funny
    --
    Veteran, Bermuda Triangle Expeditionary Force, 1992-1951
  17. I concur by Fished · · Score: 5, Interesting

    Before anyone says "macinista", I've been using computers all day every day for 25 years now (since i was eight or so), and was a commodore man if you must know. I only got my first mac about two years ago. However, I will no longer have anything but a mac in my house because MacOS X based macs do everything I need - including a high quality X server - and never, ever, break. I'm a Solaris admin all day for a very large company. I don't want to hassle with munged computers at home. I prefer to farm.

    --
    "He who would learn astronomy, and other recondite arts, let him go elsewhere. " -- John Calvin, commenting on Genesis 1
  18. Re:No, that's not so bad by Squozen · · Score: 5, Insightful

    I work tech support, and if I had a dollar for every Windows owner that didn't understand the difference between right and left-clicking I could buy Slashdot and every AC posting to it.

  19. Not Just Apple! by linuxislandsucks · · Score: 5, Insightful

    Ah ahem, several storage servers like Snap and etc also come with this 'feature'..

    and those run Linux...

    --
    Don't Tread on OpenSource
  20. Re:It's an old argument by RzUpAnmsCwrds · · Score: 5, Informative

    "For example, the messenger service isn't used by anyone but spam senders"

    System administrators have used it for years. It's only recently that the spammers have decided to use it. That's why Microsoft is disabling the service by default in XPSP2.

    "fragile, naked file system"

    I don't honestly know what you are talking about. NTFS is a journaling filesystem with some very strong features. Metadata for every file, unlimited alternate data streams (Microsoft's version of the HFS data/resource forks, but you can have as many as you want), strong security permissions that even the OS obeys that can be applied on a per-user basis with inheritance and an allow/don't allow/deny system. NTFS is one of the strongest attributes of Windows. Now, the permissions aren't set strict enough out of the box (and most users make their account part of the Administrators group - just like running as root all of the time).

    Imagine how a Linux system would hold up under the following situation:
    - User always running as root, even when they don't have to
    - User downloading and executing unknown code from random locations (screensavers, shareware, warez)
    - User installing software that is bundled with programs that spy on them / mess up their system
    - User never patching their system, even though the OS can do it automatically
    - User not using a password on their system in many cases
    - User downloading and executing unknown code (in email attachments) even though system warns of extreme security risk
    - User not using firewall even though it is built into the OS

    Now, Microsoft could do more:
    - No mail client should even be able to execute attachments. Even with a security warning. I do believe that Outlook Express now prevents you from executing attachments at all unless you uncheck a box hidden in some configuration dialog.
    - The firewall should be on by default. XP SP2 fixes this.
    - Users shouldn't run as root all of the time. Perhaps a warning when they log on would be helpful. The setup wizard already creates non-root users, but most people don't use them. I don't think users are adequately informed of the security risks of running as root.
    - Windows should come with an antivirus solution. Something integrated and transparent. Sometimes, you need to run untrusted code, and a good antivirus program can help reduce the threat.
    - Windows should have more restrictive permissions by default. Currently, non-root users can write to "program files" and potentially destroy software (although not the OS).

    Finally, some things that are good:
    - As I said before, the permissions system is very good
    - Windows File Protection is good for those stupid installers that try to overwrite system libraries
    - System Restore is nice for those people who are too cheap or lazy to have a real backup solution
    - Automatic updates are nice - if only people would use them
    - Driver rollback is nice for nuking "crap rev" drivers

    "I guess the point of this is that if I have to re-install windows or edit the registry again before Christmas"

    If you do the following things, you won't have to:

    - Don't run as root (administrator) unless you absolutely must
    - Don't download and execute unknown code unless you have scanned it with an antivirus. Don't run it as root unless you absolutely must (many programs will install as nonroot)
    - Turn on the XP firewall
    - Run a spyware detection tool such as ad-aware or spybot to get rid of the crap
    - Install the latest patches and service packs

    Basically, use common sense. If Windows users would realize that, no, your computer *is not* a toaster and it *does* require a bit of work to keep it secure, there would be many fewer viruses and worms.

    Second, if you *ever* have to edit the registry, you're doing something very wrong. That's like saying that you should dismantle your entire car because one of your headlights is out.

  21. Re:It's an old argument by cgenman · · Score: 5, Insightful

    Good advice overall, which any computer user should abide by. However, I'd like to point out a few things.

    First of all by "file system," I had meant the organizational file hierarchy in Windows, the portion that the OS sees. You can still break all of the links to a program by, for example, re-naming a folder. Many programs fail to work if installed on something other than the C: drive... Many of these are Microsoft's programs. The Windows folder is a hodgepodge of thousands of items, some of which are protected and some of which aren't, but few of which are intelligently laid out for either the user or the programmer. I agree that NTFS is a much better file system than Fat32 was (though the fact that Windows XP doesn't support 160 GB drives out of the box is pretty shameful), but what the OS does with it is shabby.

    Second, if you *ever* have to edit the registry, you're doing something very wrong. That's like saying that you should dismantle your entire car because one of your headlights is out.

    Actually, some programs treat registry settings like they were a preferences dialog. Zone Alarm, for example, like thousands of other pieces of software has an annoying splash screen that appears every time your computer boots, and the only place the preference exists is in the registry. Program registrations need to be backed up from and occasionally restored to the registry... It's just a bad idea to keep your copy restriction authentication and your preferences in the same structure, but that's exactly what Microsoft designed.

    As a game developer, and an out-of-work one at that, Windows does need to be reinstalled every 6 months or so... If the constant flow of test games doesn't get you, the constant flow of uninstallers will. Rolling back to restore points is useful, but A: it doesn't always work and B: it doesn't address the cumulative damage of accrued extensions.

    As an addition to your suggestions, the user needs to check what icons are in the bottom-right hand corner of their screen, and shut off what isn't needed. Many people I have spoken to don't realize that those are applications and not just quick-launch shortcuts.