Linked by Thom Holwerda on Fri 24th Nov 2006 20:06 UTC, submitted by hamster
On Thursday, antivirus firm F-Secure published a brief analysis of a proof-of-concept adware program for Mac OS X that could theoretically hook into any application to run attacker-specified code. The program, dubbed IAdware by F-Secure, could be silently installed in a user's account without requiring administrator rights. "We won't disclose the exact technique used here - it's a feature not a bug - but let's just say that installing a System Library shouldn't be allowed without prompting the user," stated F-Secure in the blog post. "Especially as it only requires copy permissions." My take: I'd say, hand over the code, then we'll talk.
Hmm
by nevali on Sun 26th Nov 2006 10:57 UTC

Er, hold on, there's nothing spectacular here. The same thing could be fairly trivially implemented on Linux, Solaris, or BSD by maliciously adding LD_PRELOAD settings to your .profile/.bashrc/whatever.

On the one hand, F-Secure say ‘installed to your user account’ and on the other they say ‘System Library’. Which is it, boys and girls?

I'm guessing it's one of ~/Library/InputManagers, /Library/InputManagers, or /System/Library/InputManagers? Place bets now!

If a non-admin can write to /Library/InputManagers or /System/Library/InputManagers, then we perhaps have a problem, otherwise this whole thing is simply that a user can install a shared library in their own home directory and it be loaded automatically. Newsflash: most other UNIX-like systems that use shared libraries have the same functionality.

Reply Score: 3
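
A defensive check for the two mechanisms the comment above describes, as an added example (not part of the original comment or of F-Secure's analysis): it scans shell startup files for loader-preload assignments and tests whether the system InputManagers directories are writable by a non-admin. The startup-file list, the function names and the `DYLD_INSERT_LIBRARIES` entry are assumptions of this example.

```python
import os
import re
import stat
from pathlib import Path

# LD_PRELOAD is named in the comment; DYLD_INSERT_LIBRARIES is the macOS
# loader's equivalent variable and is an addition made for this example.
PRELOAD_RE = re.compile(
    r"^\s*(?:export\s+)?(LD_PRELOAD|DYLD_INSERT_LIBRARIES)\s*=\s*(\S+)")
STARTUP_FILES = (".profile", ".bashrc", ".bash_profile", ".zshrc")  # assumed set
SYSTEM_DIRS = ("/Library/InputManagers", "/System/Library/InputManagers")


def scan_startup_files(home):
    """Return (file, line_no, variable, value) for each preload assignment."""
    findings = []
    for name in STARTUP_FILES:
        path = Path(home) / name
        if not path.is_file():
            continue
        text = path.read_text(errors="replace")
        for line_no, line in enumerate(text.splitlines(), 1):
            match = PRELOAD_RE.match(line)  # commented-out lines do not match
            if match:
                value = match.group(2).strip("\"'")
                findings.append((name, line_no, match.group(1), value))
    return findings


def non_admin_writable(path, trusted_uids=(0,)):
    """True if path exists and is world-writable or owned by an untrusted uid.

    Group write is not evaluated: deciding whether the owning group is an
    admin group needs a directory-service lookup outside this example.
    """
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return False
    return bool(st.st_mode & stat.S_IWOTH) or st.st_uid not in trusted_uids


if __name__ == "__main__":
    home = Path.home()
    for hit in scan_startup_files(home):
        print("preload set in ~/%s line %d: %s=%s" % hit)
    # ~/Library/InputManagers is user-writable by design; report if present.
    if (home / "Library/InputManagers").is_dir():
        print("per-user InputManagers directory exists:", home / "Library/InputManagers")
    for d in SYSTEM_DIRS:
        if non_admin_writable(d):
            print("system InputManagers directory writable by non-admin:", d)
```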