Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability
From: "Brian K." <codesamurai () mac com>
Date: Thu, 19 May 2005 11:07:43 -0400

The issue is *any* application shouldn't have the ability to gain administrative control (by waiting for sudo [intended for something else] to be done).

Self correction/elaboration note: Sorry, that was a tad terse to the point of being incomplete. It was intended to be framed in the context of what was already discussed in this thread. (i.e. something else doing the sudo intended for its own purposes, etc., all of which everyone is already well aware of.)
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]