Full Disclosure mailing list archives

Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability

From: "Brian K." <codesamurai () mac com>
Date: Thu, 19 May 2005 11:07:43 -0400

The issue is *any* application shouldn't have the ability to gainadministrative control (by waiting for sudo [intended for somethingelse] to be done).

Self correction/elaboration note: Sorry, that was a tad terse to thepoint of being incomplete. It was intended to be framed in thecontext of what was already discussed in this thread. (i.e.something else doing the sudo intended for its own purposes, etc.,all of which everyone is already well aware of.)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability, (continued)
- - - Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Jonathan Zdziarski (May 19)
  - Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Jonathan Zdziarski (May 19)
    - Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability ph0enix (May 19)
    - Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Jonathan Zdziarski (May 19)
    - Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability ph0enix (May 19)
  - Message not available
    - Message not available
    - Message not available
    - Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Jonathan Zdziarski (May 19)
- Ports used by trogens Brian Phillips (May 21)
  - Re: Ports used by trogens Who? (May 21)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Brian K. (May 18)
- Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Brian K. (May 19)
  - Re: Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability Brian K. (May 19)