Secret Weapon Labs

Design, Code, Business, FileMaker, Simplicity, and more.

Mac OS X Trojan Threat

While keeping track of the pulse of Mac OS X security updates, I recently found, c/o Wishingline.com (which found it c/o Security Focus), a recently discovered possible exploit in OS X whereby a user can gain Admin access. I’ve quoted the post below:

The Bug

The bug involves an application gaining root privileges by not having to explicitly authenticate itself due to the 5-minute sudo authentication window — you don’t have to re-authenticate within a 5-minute period of authenticating as an admin user. There’s also a problem related to where the authentication attempts are logged being readable by all users on the system, not just admin users.

The Fix

Fire up the Terminal application - this one is all command-line.

  • Open up the sudoers file in a new window via: sudo pico /etc/sudoers.
  • Go to the Defaults section of the file and add the following bits:

    Defaults:ALL !syslog
    Defaults:ALL logfile=/var/log/secure.log
    Defaults:ALL timestamp_timeout=0
    Defaults:ALL tty_tickets

    Adding these items will change where authentication attempts are logged; the sudo timeout will be set to zero instead of the 5-minute default, and the password grace period will be set to a local tty session and not globally.

  • Save the file and run the next command to verify your changes: sudo visudo -c.

You can now rest a little more securely. Let’s hope Apple does something about this in one of the upcoming updates (10.3.9 or Tiger).

Update

I meant to reiterate that this is not an active problem in any way at this point in time. There’s no need to panic or overreact…

By Emile • Apr 9th, 2005 • Category: Uncategorized
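
An added example, not part of the quoted post or of this page's original text: a POSIX shell check that the four `Defaults` lines from the fix are actually in effect in a sudoers file, treating the last global setting of each option as the effective one. The function names and finding labels are hypothetical; it assumes no backslash line continuations and does not evaluate `Defaults` entries scoped to a single user or host.

```shell
#!/bin/sh
# Added example: check that the four Defaults from the post are in effect.
# Assumptions: no backslash line continuations; only global entries
# ("Defaults" and "Defaults:ALL") are evaluated, per-user/host ones are not.

# Emit each global Defaults option on its own line, normalised.
defaults_options() {
    sed -e 's/#.*//' "$1" |
    awk '$1 == "Defaults" || $1 == "Defaults:ALL" { $1 = ""; print }' |
    tr ',' '\n' | tr -d '"' |
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e 's/[[:space:]]*=[[:space:]]*/=/' -e '/^$/d'
}

# sudo applies Defaults in file order, so the last occurrence is effective.
last_setting() {    # $1 = option list, $2 = option name
    printf '%s\n' "$1" | grep -E "^!?$2(=.*)?\$" | tail -n 1
}

audit_sudoers() {   # $1 = path to a sudoers file (or a copy of it)
    opts=$(defaults_options "$1")
    findings=""
    [ "$(last_setting "$opts" syslog)" = "!syslog" ] ||
        findings="$findings syslog-still-enabled"
    case "$(last_setting "$opts" logfile)" in
        logfile=/*) ;;
        *) findings="$findings no-logfile" ;;
    esac
    [ "$(last_setting "$opts" timestamp_timeout)" = "timestamp_timeout=0" ] ||
        findings="$findings credential-caching"
    [ "$(last_setting "$opts" tty_tickets)" = "tty_tickets" ] ||
        findings="$findings no-tty_tickets"
    if [ -n "$findings" ]; then
        echo "FAIL:$findings"
        return 1
    fi
    echo "PASS"
}

# Usage: sh audit_sudoers.sh /path/to/sudoers-copy
if [ $# -gt 0 ]; then
    audit_sudoers "$1"
fi
```

A later `Defaults timestamp_timeout=5` line anywhere below the hardened entries makes the check fail with `credential-caching`, which is the case a one-time edit of the file tends to miss.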
