{"id":681,"date":"2006-02-01T22:05:32","date_gmt":"2006-02-01T22:05:32","guid":{"rendered":"http:\/\/spamers.net\/b\/2006\/02\/01\/destroying-dreams-sicherheit-in-osx\/"},"modified":"2006-02-01T22:05:32","modified_gmt":"2006-02-01T22:05:32","slug":"destroying-dreams-sicherheit-in-osx","status":"publish","type":"post","link":"https:\/\/spamers.net\/b\/2006\/02\/01\/destroying-dreams-sicherheit-in-osx\/","title":{"rendered":"Destroying Dreams: Sicherheit in OSX"},"content":{"rendered":"<p>bei <a href=\"http:\/\/fukami.vakuum.net\/archives\/2006\/01\/27\/exploiten-fuer-doofe\/\" title=\"http:\/\/fukami.vakuum.net\/archives\/2006\/01\/27\/exploiten-fuer-doofe\/\">fukami<\/a> gibt es eine nette Beschreibung \u00c3\u00bcber dsidentity.<\/p>\n<p>Ganz kurze Zusammenfassung :<br \/>\ndsidentity war in MacOSX bis 10.4.2 in der Standardinstallation enthalten.<br \/>\nMit dsidentity lassen sich Benutzer anlegen, allerdings gibt es keine wirkliche Authentifizierung und das l\u00c3\u00a4sst sich ausnutzen:<\/p>\n<p>char *envStr = nil; <br \/>\nenvStr = getenv(&quot;USER&quot;); <br \/>\n\/\/check for member of admin group <br \/>\nif ( (envStr != nil) &amp;&amp; UserIsMemberOfGroup( inDSRef, inDSNodeRef, envStr, &quot;admin&quot; ) ) <br \/>\n{ <br \/>\n     return true; <br \/>\n}<\/p>\n<p>Und mit USER kann man sch\u00c3\u00b6ne exploit-spielchen machen..<\/p>\n<p>$ export USER=root_oder_irgendsowas  <br \/>\n$ env|grep USER           <br \/>\nUSER=root_oder_irgendsowas <\/p>\n<p>Zitat aus dem zdnet Artikel: <a href=\"http:\/\/www.zdnet.com.au\/news\/security\/soa\/Ancient_flaws_leave_OS_X_vulnerable_\/0,2000061744,39234678,00.htm\" title=\"http:\/\/www.zdnet.com.au\/news\/security\/soa\/Ancient_flaws_leave_OS_X_vulnerable_\/0,2000061744,39234678,00.htm\">Ancient flaws leave OS X vulnerable?<\/a>:<\/p>\n<p><i>&quot;Bugs like this require a simple glance over the code to notice and are long dead on other operating systems.\u00e2\u20ac\u00a6 When we spoke to Apple on the phone about this issue, the security team had never even heard of the application, and burst out laughing at the simplicity of the vulnerability,&quot; said Archibald.<\/i><\/p>\n<p>als Tipp:der <a href=\"http:\/\/bcm43xx.berlios.de\/\" title=\"http:\/\/bcm43xx.berlios.de\/\">offene Treiber f\u00c3\u00bcr Broadcom<\/a> zeugs scheint langsam benutzbar zu sein.. es gibt ja nicht nur WinOS und MacOS da draussen..<br \/>\nPseudoTag: HacksHacks<\/p>\n","protected":false},"excerpt":{"rendered":"<p>bei fukami gibt es eine nette Beschreibung \u00c3\u00bcber dsidentity. Ganz kurze Zusammenfassung : dsidentity war in MacOSX bis 10.4.2 in der Standardinstallation enthalten. Mit dsidentity lassen sich Benutzer anlegen, allerdings gibt es keine wirkliche Authentifizierung und das l\u00c3\u00a4sst sich ausnutzen: char *envStr = nil; envStr = getenv(&quot;USER&quot;); \/\/check for member of admin group if ( [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,9],"tags":[],"_links":{"self":[{"href":"https:\/\/spamers.net\/b\/wp-json\/wp\/v2\/posts\/681"}],"collection":[{"href":"https:\/\/spamers.net\/b\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/spamers.net\/b\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/spamers.net\/b\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/spamers.net\/b\/wp-json\/wp\/v2\/comments?post=681"}],"version-history":[{"count":0,"href":"https:\/\/spamers.net\/b\/wp-json\/wp\/v2\/posts\/681\/revisions"}],"wp:attachment":[{"href":"https:\/\/spamers.net\/b\/wp-json\/wp\/v2\/media?parent=681"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/spamers.net\/b\/wp-json\/wp\/v2\/categories?post=681"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/spamers.net\/b\/wp-json\/wp\/v2\/tags?post=681"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}