Security flaw in Mac OS X
Jan. 23rd, 2008 09:55 pm
I filed this with Apple about a week ago, and since they qualify it as an "enhancement", I guess they wouldn't mind me publicizing it. It exists in both Tiger and Leopard, and is probably in every version of OS X.
If you run as a non-administrator (you are running as a non-administrator, right?), you aren't as secure as you should be. When you drag a new app to /Applications, Finder asks you for administrator logon credentials. This is all well and good, and is exactly what it should do. However, what happens next is not, and opens you up for other attacks. This dialog is used only for authorization. The credentials are not used again, and the owner of the application is the current, non-administrative user.
To put this in terms of what may happen: you run Firefox, and install it by copying to /Applications. Since it requires authentication to do this, you've increased your safety, or so you think. Now something takes advantage of an exploit, and tries to overwrite the Firefox application to do its nefarious work. Whoops, it succeeds, and your system is now compromised when it should have been protected. Even Windows gets installing as an alternate user correct, why doesn't Mac?
There is, fortunately, a simple workaround. Unfortunately, there is not a "Mac" workaround, as I just tested that and that has a security flaw as well. Open up Terminal.app, and use su, sudo and chown to set the proper permissions. I'm sorry for the instructions being a little vague, but I will write out a detailed, automated way so that it's regularly scheduled and no intervention is necessary.
The "Mac" way would be to right click on the application, and set the owner in the info inspector. This, unfortunately, has a net effect of exactly nothing. The ownership of the directory is changed, but the ownership of the contents is not. The ability of malicious software to change the binary is not in any way impacted.
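One way to check for the condition described above, as an added example (not the author's promised script): it walks each bundle recursively, because a root-owned top-level .app directory says nothing about the files inside it. The function names and the choice of root as the expected owner are assumptions.

```shell
#!/bin/sh
# Added example: audit app bundles for contents owned by the wrong account.
# Function names and the default expected owner (root) are assumptions.

# Print every entry at or under bundle $1 that is NOT owned by user $2.
# The whole tree is walked: changing only the top-level directory's owner
# leaves the executable under Contents/MacOS owned by whoever copied it.
misowned_entries() {
    find "$1" ! -user "$2" -print
}

# Number of mis-owned entries in bundle $1 for expected owner $2.
misowned_count() {
    misowned_entries "$1" "$2" | wc -l | tr -d ' '
}

# Check every *.app directly under directory $1 against expected owner $2.
# Prints one WARN line per affected bundle; returns 1 if any was found.
audit_apps() {
    rc=0
    for app in "$1"/*.app; do
        [ -d "$app" ] || continue
        n=$(misowned_count "$app" "$2")
        if [ "$n" -gt 0 ]; then
            echo "WARN $app: $n entries not owned by $2"
            rc=1
        fi
    done
    return $rc
}

# The chown workaround from the post, applied to the whole tree of
# bundle $1 with owner $2 (run through sudo from an administrator account).
fix_app() {
    chown -R "$2" "$1"
}

# Stand-alone use: sh audit.sh --audit [dir] [owner]
if [ "${1:-}" = "--audit" ]; then
    audit_apps "${2:-/Applications}" "${3:-root}"
fi
```

Because `audit_apps` returns non-zero when it finds anything, it can be run from a scheduled job that alerts on failure.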
Stupid Apple
Aug. 18th, 2005 08:53 am
Who do you think you are anyway? Microsoft?
How did an entire subsystem get broken in the next-to-latest security update?
For those of you that installed 2005-007, there's a version 1.1 of that patch out now that fixes the problem.
Well, that was easier than I thought
Jul. 8th, 2005 10:28 am
With jenbooks bringing her laptop to work and Phoenix being brought down for thunderstorms, I figured it was time to remove hotwayd and allow each of the Macs to pull their own Hotmail instead of deferring it to Phoenix.
$ tar zxf hotwayd*
$ cd hotwayd-0.8.4; ./configure
hmmm, so far so good.
$ make
Nuts. Those warnings don't look so hot. Hey, didn't something have problems dynamic linking on OS X?
$ LDFLAGS=-static ./configure
Urk. That didn't work, what were those errors again?
$ ./configure;make
Hmmm. Nothing on Google, nothing on their forums. What the heck
$ sudo make install
Whadda know, it worked. Some more digging on how to turn it on, and hey, OS X is xinetd. Piece o' cake. Edit the xinetd file that came with the tar and give it to xinetd.
$ sudo cp ~rob/hotwayd-0.8.4/hotwayd.xinetd /etc/xinetd.d/
$ sudo xinetd
Whadda mean no services enabled? Stupid computer.
$ man xinetd
Whoopsie.
$ sudo mv /etc/xinetd.d/hotwayd.xinetd /etc/xinetd.d/hotwayd
$ sudo xinetd
WOOHOO! Works like a charm. After a minor mishap with caps lock and trying to remember my password, installed on jenbooks' computer as well.
@#&(*^^& Sony
Mar. 27th, 2005 06:54 pm
I bought God Of War Friday, and just got around to downloading the free soundtrack mentioned on the box. Or rather, trying to download. Nice lovely redirection to a page saying "IE 5.5, with Administrative access only"
Goddammit, Windows is *not* the only fucking OS in the world, and there's no mention of requiring Windows on the box or docs anywhere. Never mind the idiocy in requiring admin access.
ARRRRGGHHHH
Why did some idiot programmer/company decide that making a non-network program network bound is a good idea?
If you have a Mac and have been having trouble expanding files with StuffIt, here's a fix:
If you're scared of the command line:
Start StuffIt Expander
Wait
....
Wait
....
Wait some more
....
When it finally comes up, go to the preferences panel, go to "Version Checking", uncheck "Allow Version Checking"
If you don't mind the command line:
Start a Terminal
defaults write com.stuffit.expander allowVersionChecking false
Mac publishers just get it
Dec. 31st, 2004 09:19 am
While looking for jenbooks' new Palm at Comp-USA, I decided to get Tron 2.0 for the Mac. This was the first Mac game I have purchased, with almost all my recent purchases being console games and one PC (a whole $0.25!) game.
So I start installing the game. Not once are any administrative privileges used by the installer. And after the install was done, all 2.5 G copied to the drive, the install CDs get put away. No need to use one to play.
Contrast this to the average PC game, where you oftentimes have to be administrator to run, never mind install. And need disks even after going through multi-gigabyte installs. And how long have NT class OSes been out so that permissions can be sorted out properly? And what valid (to me) reason does a game *ever* need administrative privileges?
I am posting this from Eris, my new computer which showed up several days early. Thank god I redid my old computer early, to be a mail server, file server, and soon to be a network evaluator, running intrusion attempts on everything on the LAN.
Boy, is it going to take some getting used to. It's different than anything I've used before. I like the Unix base and it still blows my mind opening a command line and typing "emacs" and having it work on a Mac. If you told me a couple of years ago that I'd get a Mac of my own free will, I would've tried to have you checked into Bellevue. There was no way I was going to buy a Windows box (working computer security does that to you), and I really didn't feel like spending the time figuring out what parts I needed, piecing them together and installing the OS.
jenbooks egged me on a little too much at the Apple store :D.
The difference in mindset between OSX and Windows is incredible. I thought it interesting that the games that come with XP were Solitaire and Pinball, but the ones that come with OSX are Chess and some 3D games. The security is completely different too. Default install, with slight changes to require login and lock the screensaver, and a port scan showed diddleysquat, taking more than 10 minutes to run and finding nothing, in contrast to the numerous ports open on a default XP install.
Dev tools, Firefox and Thunderbird are all installed now, and it's time to just wander around the system to see what's there.