electro-music.com   Dedicated to experimental electro-acoustic
and electronic music
 
    Front Page  |  Radio
 |  Media  |  Forum  |  Wiki  |  Links
Forum with support of Syndicator RSS
 FAQFAQ   CalendarCalendar   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   LinksLinks
 RegisterRegister   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in  Chat RoomChat Room 
 Forum index » News... » Apple Computers
Security Researcher Slams Mac OS X
Post new topic   Reply to topic
Page 1 of 2 [50 Posts]
View unread posts
View new posts in the last week
Mark the topic unread :: View previous topic :: View next topic
Goto page: 1, 2 Next
Author Message
paul e.



Joined: Sep 22, 2003
Posts: 1567
Location: toronto, canada
Audio files: 2

PostPosted: Fri Jan 27, 2006 12:18 am    Post subject: Security Researcher Slams Mac OS X Reply with quote  Mark this post and the followings unread

http://www.sci-tech-today.com/story.xhtml?story_id=122000449LAM

i hate to be the bearer of bad news.. it was inevitable, i suppose, as Apple becomes a more juicy target for bug-writers etc


Security Researcher Slams Mac OS X for 'Ancient Flaws'

January 26, 2006 4:59PM

"Apple's impressive security record is likely to be tarnished if the company continues to grow its market share while undervaluing security researchers and not properly auditing its code," said security researcher Neil Archibald.
Back to top
View user's profile Send private message Send e-mail Visit poster's website
paul e.



Joined: Sep 22, 2003
Posts: 1567
Location: toronto, canada
Audio files: 2

PostPosted: Fri Jan 27, 2006 12:23 am    Post subject: Reply with quote  Mark this post and the followings unread

should we put a 'virus protection' section in the proposed new Apple section ??

joking, but i am concerned..i have enjoyed 10 years of Mac usage without a single virus and it would not be fun to have to mess around with all that greasy kids stuff that runs in the background, or keep my mac off the 'net forever

_________________
Spiral Recordings
Back to top
View user's profile Send private message Send e-mail Visit poster's website
elektro80
Site Admin


Joined: Mar 25, 2003
Posts: 21959
Location: Norway
Audio files: 14

PostPosted: Fri Jan 27, 2006 1:45 am    Post subject: Reply with quote  Mark this post and the followings unread

This isn´t exactly new news.
Quote:
Apple's impressive security record is likely to be tarnished if the company continues to grow its market share

This is an old one.

As for the code-auditing, well.. Apple is a company like the rest of them. Perfection is the one thing you wouldn´t expect from a computer company.

Another matter is that security issues aren´t always security issues. Many of the recent OS X security alerts haven´t really been relevant for ordinary users. Some issues have been academic rather than vitally important for ordinary users.

I must say that even though Apple has done a great job setting up OS X for max security at first-install-time, I am not pleased with how security measures aren´t being communicated to novice OS X users. That said, Microsoft isn´t doing this either, but still..

_________________
A Charity Pantomime in aid of Paranoid Schizophrenics descended into chaos yesterday when someone shouted, "He's behind you!"

MySpace
SoundCloud
Flickr
Back to top
View user's profile Send private message Visit poster's website
elektro80
Site Admin


Joined: Mar 25, 2003
Posts: 21959
Location: Norway
Audio files: 14

PostPosted: Fri Jan 27, 2006 1:49 am    Post subject: Reply with quote  Mark this post and the followings unread

paul e. wrote:
.i have enjoyed 10 years of Mac usage without a single virus and it would not be fun to have to mess around with all that greasy kids stuff that runs in the background, or keep my mac off the 'net forever


I have seen a lot of shit. Way back in 96 we had this silly timed detonator that would wipe disks and more. It was a trojan for OS 9. All this basically stopped when OS X became popular.

_________________
A Charity Pantomime in aid of Paranoid Schizophrenics descended into chaos yesterday when someone shouted, "He's behind you!"

MySpace
SoundCloud
Flickr
Back to top
View user's profile Send private message Visit poster's website
Kassen
Janitor
Janitor


Joined: Jul 06, 2004
Posts: 7678
Location: The Hague, NL
G2 patch files: 3

PostPosted: Fri Jan 27, 2006 2:45 am    Post subject: Reply with quote  Mark this post and the followings unread

elektro80 wrote:
Some issues have been academic rather than vitally important for ordinary users.


That holds true for many security issues and these are very hard to judge for nearly all people. If some researcher finds a theoretical attack against some encryption algorithem that's limited to certain keylengths with reduced rounds then many people will immediately go scream stuff like "AES cracked!" which is of cource a bit exagerated. I'd bet my life on a proper AES implementation, it's likely many of you are betting your life's savings on it or something similar.

Still; a few accedemic issues here and there can suddenly become linked by new discoveries and avalanche into some seemingly minor bug exploding into a huge deal. Therefore I think that while it'd be silly to go treat OSX as insecure it's still important to apply fixes for accedemic sounding weaknesses.

Another issue is that the single largest weakspot is always people. You don't need a script if you can convince people to manually install a program (see the attched loveletter to you personally....). OSX is certainly more secure then XP but are it's users less likely to install a seemingly usefull utility without references? I never had a virus either but that's due to paranoia, if you stick to this concept of some magic protection induced by buying Mac's you're going to get fried sooner or later.

_________________
Kassen
Back to top
View user's profile Send private message Send e-mail Visit poster's website
GovernorSilver



Joined: Apr 26, 2004
Posts: 1349
Location: Washington DC Metro
G2 patch files: 1

PostPosted: Fri Jan 27, 2006 1:45 pm    Post subject: Reply with quote  Mark this post and the followings unread

OSX runs on a Unix kernel.

The first viruses were written for Unix.

No OS is 100% secure.

None of the above is a shocker....
Back to top
View user's profile Send private message Visit poster's website
paul e.



Joined: Sep 22, 2003
Posts: 1567
Location: toronto, canada
Audio files: 2

PostPosted: Fri Jan 27, 2006 9:14 pm    Post subject: Reply with quote  Mark this post and the followings unread

i should mention that in those 10+ years of virus-free operation, i never had any virus protection or firewalls installed...

now, i guess they will be standard fair in OSX

_________________
Spiral Recordings
Back to top
View user's profile Send private message Send e-mail Visit poster's website
elektro80
Site Admin


Joined: Mar 25, 2003
Posts: 21959
Location: Norway
Audio files: 14

PostPosted: Fri Jan 27, 2006 9:25 pm    Post subject: Reply with quote  Mark this post and the followings unread

You already have a wonderful firewall installed on your OS X box. It is included in the basic installation.
_________________
A Charity Pantomime in aid of Paranoid Schizophrenics descended into chaos yesterday when someone shouted, "He's behind you!"

MySpace
SoundCloud
Flickr
Back to top
View user's profile Send private message Visit poster's website
paul e.



Joined: Sep 22, 2003
Posts: 1567
Location: toronto, canada
Audio files: 2

PostPosted: Fri Jan 27, 2006 9:36 pm    Post subject: Reply with quote  Mark this post and the followings unread

i'm still using os 9 !! Very Happy
Back to top
View user's profile Send private message Send e-mail Visit poster's website
elektro80
Site Admin


Joined: Mar 25, 2003
Posts: 21959
Location: Norway
Audio files: 14

PostPosted: Fri Jan 27, 2006 9:38 pm    Post subject: Reply with quote  Mark this post and the followings unread

Laughing

Then you are safe for now.

_________________
A Charity Pantomime in aid of Paranoid Schizophrenics descended into chaos yesterday when someone shouted, "He's behind you!"

MySpace
SoundCloud
Flickr
Back to top
View user's profile Send private message Visit poster's website
seraph
Editor
Editor


Joined: Jun 21, 2003
Posts: 12398
Location: Firenze, Italy
Audio files: 33
G2 patch files: 2

PostPosted: Sat Jan 28, 2006 1:33 am    Post subject: Reply with quote  Mark this post and the followings unread

paul e. wrote:
i'm still using os 9 !! Very Happy

I can't believe it Shocked come on, move up, be modern Very Happy

_________________
homepage - blog - forum - youtube

Quote:
Don't die with your music still in you - Wayne Dyer
Back to top
View user's profile Send private message Visit poster's website
brinxmat



Joined: Oct 24, 2005
Posts: 262
Location: Norway

PostPosted: Sat Feb 11, 2006 3:20 pm    Post subject: Reply with quote  Mark this post and the followings unread

Just a thought: if the viruses on *NIX are so widespread, that must mean that they can take over the whole box from root without a password — just like Windows — rather than the relevant user domain — like *NIX.

And if the virus can't execute outside userland, then it can't harm the system — just like *NIX, and not like Windows.

Remember to have strong passwords, people. "No OS is 100% secure", but *NIX with strong passwords makes the opposition look more tempting.

And if you're root, make sure you know wtf you're doing. Virus at root is seldom due to anything other than root being a fwit.

_________________
-- Say "&Eth;onne hit wæs hrenig weðer"
Back to top
View user's profile Send private message
brinxmat



Joined: Oct 24, 2005
Posts: 262
Location: Norway

PostPosted: Sat Feb 11, 2006 3:23 pm    Post subject: Re: Security Researcher Slams Mac OS X Reply with quote  Mark this post and the followings unread

paul e. wrote:
bug-writers etc


You mean the people at Redmond, no?
Back to top
View user's profile Send private message
elektro80
Site Admin


Joined: Mar 25, 2003
Posts: 21959
Location: Norway
Audio files: 14

PostPosted: Sat Feb 11, 2006 3:30 pm    Post subject: Re: Security Researcher Slams Mac OS X Reply with quote  Mark this post and the followings unread

brinxmat wrote:
You mean the people at Redmond, no?


People??? Shocked

Listen, Redmond is a Cylon territory.

_________________
A Charity Pantomime in aid of Paranoid Schizophrenics descended into chaos yesterday when someone shouted, "He's behind you!"

MySpace
SoundCloud
Flickr
Back to top
View user's profile Send private message Visit poster's website
brinxmat



Joined: Oct 24, 2005
Posts: 262
Location: Norway

PostPosted: Sat Feb 11, 2006 3:48 pm    Post subject: Reply with quote  Mark this post and the followings unread

Cylon. I loved that series. Are they making a new one?
_________________
-- Say "&Eth;onne hit wæs hrenig weðer"
Back to top
View user's profile Send private message
elektro80
Site Admin


Joined: Mar 25, 2003
Posts: 21959
Location: Norway
Audio files: 14

PostPosted: Sat Feb 11, 2006 5:06 pm    Post subject: Reply with quote  Mark this post and the followings unread

Yes. The new Battlestar Galactica is really cool. I never liked BG-TOS, but this one is good.
_________________
A Charity Pantomime in aid of Paranoid Schizophrenics descended into chaos yesterday when someone shouted, "He's behind you!"

MySpace
SoundCloud
Flickr
Back to top
View user's profile Send private message Visit poster's website
Kassen
Janitor
Janitor


Joined: Jul 06, 2004
Posts: 7678
Location: The Hague, NL
G2 patch files: 3

PostPosted: Sat Feb 11, 2006 5:23 pm    Post subject: Reply with quote  Mark this post and the followings unread

brinxmat wrote:

Remember to have strong passwords, people. "No OS is 100% secure", but *NIX with strong passwords makes the opposition look more tempting.

And if you're root, make sure you know wtf you're doing. Virus at root is seldom due to anything other than root being a fwit.


One critique I read on OSX security was that too many actions demanded a root password. Your analysis seems correct but remember that one of the big Windows virususes, the "I love you" one depended on a social engineering trick. You don't *need* to crack a password if you can trick users into typing it in themselves, much like you don't need a script if you can convince people to manually execute your attack, thinking they'll get a loveletter.

Last time you gave your root password, did you read the source for what you were installing? Did you verify the certificates of the website it was claiming to come from?

_________________
Kassen
Back to top
View user's profile Send private message Send e-mail Visit poster's website
brinxmat



Joined: Oct 24, 2005
Posts: 262
Location: Norway

PostPosted: Sun Feb 12, 2006 3:52 am    Post subject: Reply with quote  Mark this post and the followings unread

Note: Throughout this, I say "root", but mean "superuser"; the root account is off by default in os x.

Quote:

One critique I read on OSX security was that too many actions demanded a root password.


To some extent, I agree, but the real problem is the extent of the scope of a password. Consider that you want to change the ownership of a folder to root (I assume you're admin):

"chown root FolderName" will not work, you need to have su privileges to change the owner. So, you enter: "sudo chown root FolderName". The system asks for your password. You want to change the folder back to you, you enter "sudo chown your_username FolderName". What happens? You don't have to enter a password. In fact, the scope of the sudo is now unlimited. Weird.

To alleviate this problem, issue all terminal commands via a third-party interface like freeware CLIX (http://www.rixstep.com/4/0/clix/)

Another problem is piggybacking

Look at what you write again:

Quote:

…too many actions demanded a root password.


This is a bit odd, actually. If assigning root is designed to prevent unauthorized access to your system, then what commands will be protected? In a typical user scenario, a user will rarely enter a password; in an administrator scenario, you have to wonder why they are sudo-ing so often — what is it that they are doing that requires root? Surely they can't be running system setup all the time. Typical system management shouldn't require root, just admin privileges. If you turn off the root requirement, your system has a lot of potentially harmful commands that are now unprotected. What commands require root? Anything outside the domain of the active user, anything that operates on root and anything specifically flagged as a root command (and that isn't much).

A of rootables list from http://www.iodynamics.com/education/root101.html


    Adding, modifying, and deleting users from the system
    Changing and overriding user passwords
    Installing new programs and utilities
    Starting and stopping system services
    Setting up boot managers, such as GRUB and LILO
    Hardware and device driver configuration
    Mounting file systems
    Modifying system-level properties, such as network settings, web services, and e-mail configurations
    Performing remote reboots (though this may vary from system to system)


Which of these should you be doing every day? And which shouldn't require root?

Quote:

the "I love you" one depended on a social engineering trick. You don't *need* to crack a password if you can trick users into typing it in themselves, much like you don't need a script if you can convince people to manually execute your attack, thinking they'll get a loveletter.


Again, should root display this level of incompetence?

Quote:
Last time you gave your root password, did you read the source for what you were installing? Did you verify the certificates of the website it was claiming to come from?


In short, no. The last time I installed something that required an Admin password, it was from Apple. Otherwise, I tend to not install stuff that requires a password.

The question is: what sort of software requires a password for installation? Stuff that can quite happily live in userland doesn't. If it requires a password, then you can safely assume that it is going to modify parts of the system that you don't otherwise have access to. Is that something that you want anyway? I looked at the installer options for Apple's PackageMaker: the "require password" option can be used without any function, and I reckon that this is what is going on, mostly. In all other cases, you have to wonder why it is necessary to deliver software in anything other than a bundle in a dmg. I don't want badly written stuff littering my system (ad it is generally the badly written stuff that requires the password): when you install the software for your mobile 'phone, and it overwrites system files with older versions, is this a good thing?

_________________
-- Say "&Eth;onne hit wæs hrenig weðer"
Back to top
View user's profile Send private message
Kassen
Janitor
Janitor


Joined: Jul 06, 2004
Posts: 7678
Location: The Hague, NL
G2 patch files: 3

PostPosted: Sun Feb 12, 2006 4:32 am    Post subject: Reply with quote  Mark this post and the followings unread

Ok, I have to admit I mainly went by one article there and your own analysis contrasts that. The only time I needed a OSX rootpassword was when I tried installing a MIDI box on a friend's computer. In a rare display of being sensible (for normal users, that is) she came from the kitchen, typed it in without telling me and I went on with the install.

One note though; you point out "should root display this level of incompetence?" and clear he shouldn't but "root" is just a person, probably the same person that forwards the funny emails. It's still somewhat implied that "root" is a experienced system admin that controlls the computer to which mere mortals can log on but that way of sharing computers has passed. These days it's more common that a single user has several computers.

Either way; I maintain that computer security isn't just a matter of installing the right OS; it's very much a continuing process and based heavily on people themselves. From that perspective OSX need not be more invulnerable then other systems. I trust you will be fine but I think there are many users that are vulnerable to that sort of thing.

About strange root behaviour; I ran into some weird trouble on my Linux box here. I had some files that came on it from my Windows laptop and that bad previously be on a cd. Windows marks everything ona cd as "read only", even if you copy it to your HD and Linux had picked up on that tag. So, my normal login couldn't move those to the trash. Actually, I wasn't allowed to change that either. Perhaps there is a better solution but the only thing I could think of was opening a root terminal, going to the dir and manually errasing those files as root. That's a bit silly....

_________________
Kassen
Back to top
View user's profile Send private message Send e-mail Visit poster's website
brinxmat



Joined: Oct 24, 2005
Posts: 262
Location: Norway

PostPosted: Sun Feb 12, 2006 8:34 am    Post subject: Reply with quote  Mark this post and the followings unread

I didn't mean to sound arsy! I was just adding my 2p-worth. Here's some more Smile

Quote:
The only time I needed a OSX rootpassword was when I tried installing a MIDI box on a friend's computer.


Often this kind of thing requires some low-level system doodadery (a technical term, with which I'm sure you will be familiar) such as kernel extensions. These kind of things are rarely necessary and indicate that a product's software is poorly programmed. Read the caveats on KEXTs in Apple documentation, otherwise, low-level stuff can be OK, but maybe it should be installed in a local directory. This is just an opinion, but I think you see what I'm getting at (does the license for the software apply for multiple users anyway?)

Quote:
In a rare display of being sensible (for normal users, that is) she came from the kitchen, typed it in without telling me and I went on with the install.


After a single dressing-down, most users get the point about security: this can only be a good thing.

Quote:
…"root" is just a person, probably the same person that forwards the funny emails. It's still somewhat implied that "root" is a experienced system admin that controlls the computer to which mere mortals can log on but that way of sharing computers has passed. These days it's more common that a single user has several computers.


I disagree: a few years ago I had only had experience of single-user systems (Windows and OS 9). I migrated away from these to RedHat, and subsequently to OS X. This experience has made me very aware of the benefits of accounts on computers: especially as much of my life is transacted online. In fact it is this latter point that makes me especially suspicious of Windows: there is no security beyond the perimeter; if the muck gets in, it's over.

Quote:

Either way; I maintain that computer security isn't just a matter of installing the right OS; it's very much a continuing process and based heavily on people themselves. From that perspective OSX need not be more invulnerable then other systems. I trust you will be fine but I think there are many users that are vulnerable to that sort of thing.


I agree that security is about attitude: you need to know what precautions you need to take, but OS X is tight from the word go. Linux needs to be configured to close vunerable ports. Windows is just insecure.

Quote:

About strange root behaviour; I ran into some weird trouble on my Linux box here. I had some files that came on it from my Windows laptop and that bad previously be on a cd. Windows marks everything ona cd as "read only", even if you copy it to your HD and Linux had picked up on that tag. So, my normal login couldn't move those to the trash. Actually, I wasn't allowed to change that either. Perhaps there is a better solution but the only thing I could think of was opening a root terminal, going to the dir and manually errasing those files as root. That's a bit silly....


Where I am currently working, they use Windows and only Windows, but someone had been to a seminar where the course materials were distributed in Mac format (OS 9). The user had saved these to a server, resource forks and all. The system admin rang me up (I have the only Mac on the network) to ask if I could delete the "Macintosh files" (resource forks) because they couldn't do it through Windows (even as Administrator). That's bizarre.

This is an inherent weakness in the *NIX privileges system. I saw an article about how to change the privileges system from the standard *NIX methodology to a different way of doing things using standard command-line tools. I think that I can put up with some idiosyncracies to avoid that kind of work!

Minimization of privileges is a lot of work, and there are programs out there to deal with this (among others from the Norwegian MaXware). The *NIX privileges system is difficult to use and manage effectively and efficiently; the NTFS system is probably even less user friendly.

For a single-user or home system, privileges get in the way in a few instances (like your CD), and I have experienced the same on the Mac (mostly program Temp files). Nonetheless, I prefer having to use sudo occasionally to viruses, spyware and trojans invading my computer. Maybe the ISO-CD standard should be changed to make privileges on CDs more controlled, and maybe software authors should stop making their temp files' owners something other than the current user.

_________________
-- Say "&Eth;onne hit wæs hrenig weðer"

Last edited by brinxmat on Sun Feb 12, 2006 12:51 pm; edited 1 time in total
Back to top
View user's profile Send private message
elektro80
Site Admin


Joined: Mar 25, 2003
Posts: 21959
Location: Norway
Audio files: 14

PostPosted: Sun Feb 12, 2006 9:09 am    Post subject: Reply with quote  Mark this post and the followings unread

Perhaps a tad OT, but anyway. When using network file servers, you will pretty soon discover that the various OSes have very different ways of handling file access permissions. ( This does not always mean "better" ways aren´t possible, but simply that the admin hasn´t used what is really available. ) UNIX based OSes have been served well by the standard POSIX permission model of read, write, and execute, but it is starting to show its age. The sticky bit and various special modes have been added over time.
OS X now has ACL, as well as DAC and SCL support built in. It should be stressed that the OS X implementation is not directly a POSIX ACL model, but rather more like what can be found in MS Windows ACL model. The obvious benefit is that OS X is now "ditrectly" compatible with Windows filesystem ACLs. It must of course be noted that OS X when evaluating ACEs ( access control entries ) it will combine ACL ( access control list ) with any POSIX rights it finds for a user or group. When there are no ACEs, then OS X defaults to a POSIX only evalution of permissions. Another matter is that any "deny" will override any "allows" which is a reasonable behaviour. There is of course more to this but I guess this is of little interest in this thread. The Apple website has some white papers on this somewhere and the APPLE OS X DEV pages are great read anyway.

_________________
A Charity Pantomime in aid of Paranoid Schizophrenics descended into chaos yesterday when someone shouted, "He's behind you!"

MySpace
SoundCloud
Flickr
Back to top
View user's profile Send private message Visit poster's website
mosc
Site Admin


Joined: Jan 31, 2003
Posts: 18197
Location: Durham, NC
Audio files: 212
G2 patch files: 60

PostPosted: Sun Feb 12, 2006 11:48 am    Post subject: Reply with quote  Mark this post and the followings unread

Yes, there should be an open standard for ACL and all that that all OSes support.
_________________
--Howard
my music and other stuff
Back to top
View user's profile Send private message Send e-mail Visit poster's website AIM Address
elektro80
Site Admin


Joined: Mar 25, 2003
Posts: 21959
Location: Norway
Audio files: 14

PostPosted: Sun Feb 12, 2006 12:09 pm    Post subject: Reply with quote  Mark this post and the followings unread

Open standard for ACLs..? Well, truth is that most "old" nixes have this kinda integrated over time because the old POSIX model clearly wouldn´t cope with more advanced permissions scenarios most admins would face in reallife server deployments. The current OS X model is one of the better around at this stage and the path chosen by the developers at Apple is a fairly sensible one. It is also well documented. There is still room for growth and development but the model itself is sound. Another point to make is that OS X now has this new permissions model implemented on OS level and it is not simply an improvised part of the filesharing APIs.
_________________
A Charity Pantomime in aid of Paranoid Schizophrenics descended into chaos yesterday when someone shouted, "He's behind you!"

MySpace
SoundCloud
Flickr
Back to top
View user's profile Send private message Visit poster's website
Kassen
Janitor
Janitor


Joined: Jul 06, 2004
Posts: 7678
Location: The Hague, NL
G2 patch files: 3

PostPosted: Sun Feb 12, 2006 12:55 pm    Post subject: Reply with quote  Mark this post and the followings unread

brinxmat wrote:

Quote:
…"root" is just a person, probably the same person that forwards the funny emails. It's still somewhat implied that "root" is a experienced system admin that controlls the computer to which mere mortals can log on but that way of sharing computers has passed. These days it's more common that a single user has several computers.


I disagree: a few years ago I had only had experience of single-user systems (Windows and OS 9). I migrated away from these to RedHat, and subsequently to OS X. This experience has made me very aware of the benefits of accounts on computers: especially as much of my life is transacted online. In fact it is this latter point that makes me especially suspicious of Windows: there is no security beyond the perimeter; if the muck gets in, it's over.


Well, if you insist you may disagree, but I think we are saying the same thing. I'm in favour of multiple account systems, I actually have a guest account on this box. What i was hinting at was that while "root" seems to imply a certain role and a certain expertise, it's often the same physical person, just under a different name.

Just read it back, it was realy just a very small side note and in complete agreement with your take.

_________________
Kassen
Back to top
View user's profile Send private message Send e-mail Visit poster's website
brinxmat



Joined: Oct 24, 2005
Posts: 262
Location: Norway

PostPosted: Sun Feb 12, 2006 1:07 pm    Post subject: Reply with quote  Mark this post and the followings unread

elektro80 wrote:
When using network file servers, you will pretty soon discover that the various OSes have very different ways of handling file access permissions. ( This does not always mean "better" ways aren´t possible, but simply that the admin hasn´t used what is really available. )


This was my point about NTFS — it doesn't get used. I reckon this might be because Admins still don't get the usefulness of a secure approach, combined with its lack of user friendlyness. I generally see that permissions for documents and their containers are controlled, but not executables. The bizarrest thing is the flourishing of so-called document-control systems — cf. ProArc and Green Pasture — which (especially the latter) take weird steps towards doing the job of server admin/privileges and the client file manager. (Yes, they add a bit more to a typcial set-up, but not more than a few plug-ins manage to add for free — and if you want real version control, you need CVS or subversion).

elektro80 wrote:
OS X now has ACL, as well as DAC and SCL support built in.


Do these help the average user, on a single system? Their application is not easily managable. Does Apple provide any sensible tools for privileges management?

elektro80 wrote:

The Apple website has some white papers on this somewhere and the APPLE OS X DEV pages are great read anyway.


I couldn't agree more. If only I had the time.

_________________
-- Say "&Eth;onne hit wæs hrenig weðer"
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic
Page 1 of 2 [50 Posts]
View unread posts
View new posts in the last week
Goto page: 1, 2 Next
Mark the topic unread :: View previous topic :: View next topic
 Forum index » News... » Apple Computers
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Forum with support of Syndicator RSS
Powered by phpBB © 2001, 2005 phpBB Group
Copyright © 2003 through 2009 by electro-music.com - Conditions Of Use