Panther authentication/security issues: sudo/sleep; Finder authentication

CNET staff

"sudo" command uses GUI clock instead of system clock?

According to an alert at Securitytracker.com, the Unix sudo command -- which allows an admin-level user to run certain Terminal commands with root access, and provides such access for five minutes by default -- can introduce a vulnerability in OS X when used immediately before putting the computer to sleep.

According to the report, sudo in OS X uses the system's "graphical" clock rather than the actual system clock; if the computer is put into sleep mode when the sudo timer is still running (i.e., when the user is still authenticated), the time in sleep does not count against the timer. In other words, if you use the sudo command in Terminal and one minute later put your Mac to sleep, when you wake it up again, your Terminal session will still be authenticated for four more minutes. The SecurityTracker site claims this issue only affects Apple laptops, but if this is truly sleep-related, then it would also appear to affect Apple desktop computers.

Although SecurityTracker claims no solution is available, that is not entirely accurate. You can remove sudo authentication immediately by typing "sudo -k" in Terminal. If you're concerned about this issue, simply issue this command when you're done using sudo.

Finder authentication issues #1

We've been covering issues with Finder authentication; specifically, that such authentication lasts for five minutes, allowing you to accidentally perform actions that would otherwise be prohibited. As part of this coverage, we reported that login itself authenticates an admin user, meaning that for a period of five minutes after login, the user's account is apparently unrestricted.

Ted Landau, MacFixIt founder, discovered that not only does this "authentication window" occur when you log in or when you authenticate an action in the Finder; it also appears to occur when you authenticate in various other situations:

"For example, if you are asked to enter your password in System Preferences (to authenticate a pane), you will also initiate a 5 minute grace period in the Finder. This means that for the next five minutes, you can delete whatever you want with no prohibition and probably no warning message - even though most users will not realize that they have been authenticated."

The key to this situation, and most of the others we've covered here at MacFixIt, is that the user is unaware that they are authenticated in the Finder. The more of these situations we discover, the more we think this is a serious security flaw. If not "security" in the sense that someone could access your Mac, at least "security" in the context of a false sense that OS X won't let you do anything disastrous accidentally (which has historically been true).

Finder authentication issues #2

Related to the previous item, Security Corporation has posted a security alert related to Finder authentication issues. The issue is that Finder authentication circumvents root file permissions:

"The Finder is authenticating using the /etc/authorization control list. The authorization right it is looking for is 'com.apple.desktopservices'. This right is not in the list so it is falling back to the 'default' rule which allows any admin to be authorized thus gaining write access even though the admin group does not have write permissions and even if admin is not allowed to sudo. If the 'Go To Folder..' command is used, the admin user can gain write access to any directory on the system including /private which belongs to root."
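The fallback described in the alert above, shown as an added example (not code from the article, Apple or Security Corporation): a small resolver over a constructed policy that reports which requested rights are granted only through the catch-all. The plist layout, with an empty-string catch-all right delegating to a `default` rule, and the names `resolve` and `audit` are assumptions made for illustration.

```python
import plistlib

# Constructed sample, NOT a real /etc/authorization. Assumed layout: "rights"
# maps right names to entries, "rules" holds named rules, and the empty-string
# right is the catch-all that delegates to the "default" rule.
SAMPLE_POLICY = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>rights</key><dict>
    <key></key><dict>
      <key>class</key><string>rule</string>
      <key>rule</key><string>default</string>
    </dict>
    <key>system.preferences</key><dict>
      <key>class</key><string>user</string>
      <key>group</key><string>admin</string>
    </dict>
  </dict>
  <key>rules</key><dict>
    <key>default</key><dict>
      <key>class</key><string>user</string>
      <key>group</key><string>admin</string>
      <key>timeout</key><integer>300</integer>
    </dict>
  </dict>
</dict></plist>"""


def resolve(policy, right):
    """Return (matched_by, effective_entry) for a requested right."""
    rights, rules = policy["rights"], policy["rules"]
    if right in rights:
        matched_by, entry = "explicit", rights[right]
    elif "" in rights:
        matched_by, entry = "catch-all", rights[""]
    else:
        return "none", None           # no entry and no catch-all: deny
    if entry.get("class") == "rule":  # entry delegates to a named rule
        entry = rules[entry["rule"]]
    return matched_by, entry


def audit(policy, requested):
    """List requested rights that are only granted through the catch-all."""
    return [r for r in requested if resolve(policy, r)[0] == "catch-all"]


policy = plistlib.loads(SAMPLE_POLICY)
if __name__ == "__main__":
    for name in ("system.preferences", "com.apple.desktopservices"):
        print(name, "->", resolve(policy, name))
```

Any right that `audit` returns is one the policy never names, so its effective access is whatever the catch-all rule grants.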
