Rogue Source Code Repos Can Compromise Mac Security Due To Old Git Version

An anonymous reader writes: Recent Mac versions come bundled with a very old version of Git (2.6.4) that is vulnerable to two security flaws that allow attackers to execute code on the device when the user forks a Git repo holding "malicious" code. The problem is that users can't upgrade this Git repo, they can't change its runtime permissions, nor can they remove it because Apple blocks even root users from twiddling with some system-level programs. "If you rely on machines like this, I am truly sorry. I feel for you," the researcher wrote on her blog. "I wrote this post in an attempt to goad them [Apple] into action because this is affecting lots of people who are important to me. They are basically screwed until Apple deigns to deliver a patched git unto them."

Re:Ahahahahaha

[NicknameUnavailable]

A flaw is a flaw and a shitty solution to have to implement is a shitty solution to have to implement. Get off Steve Jobs' necrotic dick.

Re:Compile and path

[fnj]

OS X resets PATH to the system defaults stored in /etc (which you can't edit for the same reason you can't update git) on anything launched by launchctl

This illustrates why horse-shit abortions tacked onto unixoids (launchd, systemd, SELinux, AppArmor, NetworkManager, PulseAudio, etc) get in the way and impede what people who know what they are doing (or TRYING to do) at least as much as they may satisfy some developers' wet dreams.