Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hack Mac OS X With Installer Packages

Posted by ryuzaki0 on from the why-not-to-run-as-admin dept.

nezmar writes, "MacGeekery has a short but insightful piece with examples on how to use a malformed Installer package (.pkg) on Mac OS X to 'insert user accounts with administrator rights and change root-owned system configuration or binary files without prompting the vast majority of Mac OS X users for a password of any kind.'" The article notes that this issue was brought up on the Apple Discussion Boards 6 weeks back and that it was noted there as a duplicate / known issue. It also gives as an example the installation of Parallels, the popular virtualization software, which uses the described technique, but not for nefarious purposes.

2 of 194 comments (clear)

  1. Re:Let me get this straight ... by Nutria · · Score: 1, Flamebait
    So, when you're logged in as admin, and you install a package, that package can add whatever is in that package. Isn't that how it is supposed to work?

    I'm not seeing the problem here. Am I missing something?

    I'm with you on this. Having Administrator power is supposed to let you do dangerous things.

    From the article:
    do not run as an admin user for daily activities.
    Well, duh!!! Only Windows users are that stupid, right?

    --
    "I don't know, therefore Aliens" Wafflebox1
  2. Re:Let me get this straight ... by tm2b · · Score: 0, Flamebait

    Er, yeah, right. Try checking out some college rhetoric courses instead of junior high school grammar.

    So have you stopped beating your wife?

    --
    "It is our blasphemy which has made us great, and will sustain us, and which the gods secretly admire in us." - Zelazny