
Re: Files created with emacs are owned by system

From: Peter Dyballa
Subject: Re: Files created with emacs are owned by system
Date: Fri, 1 Aug 2008 22:55:17 +0200

On 01.08.2008 at 21:17, David Kastrup wrote:

>> This Apple Emacs is -nw only. Since half a decade 21.2.
>
> Emacs 21.2 can't be compressed into 30008 bytes.  No fscking way.  The
> most likely explanation is that this machine has been hacked, emacs (and
> likely other binaries) replaced by a propagating virus that does its
> damage code, then fetches and executes the original command from
> somewhere else.

My Mac isn't hacked and it wasn't hacked before. Proof: running Disk Utility (or the corresponding command line utility, i.e., diskutil verifyPermissions <device>) to check integrity of the installation. OK, if the receipt files of the installed packages have been substituted, then it won't fail on a hacked system. Anyone willing to crack my root password?

Now, here is the dull reality:

        pete 265 /\ ls -l /usr/bin/emacs
        -r-xr-xr-x   1 root  wheel  13964 20 Feb 23:31 /usr/bin/emacs
        pete 266 /\ file /usr/bin/emacs
        /usr/bin/emacs: Mach-O executable ppc
        pete 267 /\ otool -L /usr/bin/emacs
        /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 88.1.11)

otool -L works like ldd in Linux.

        pete 268 /\ uname -a
        Darwin localhost 8.11.0 Darwin Kernel Version 8.11.0: Wed Oct 10 18:26:00 PDT 2007; root:xnu-792.24.17~1/RELEASE_PPC Power Macintosh powerpc

Just received, as description of Security Update 2008-005's contents:

        Disk Utility
        CVE-ID:  CVE-2008-2324
        Available for:  Mac OS X v10.4.11, Mac OS X Server v10.4.11
        Impact:  A local user may obtain system privileges
        Description:  The "Repair Permissions" tool in Disk Utility makes
        /usr/bin/emacs setuid. After the Repair Permissions tool has been
        run, a local user may use emacs to run commands with system
        privileges. This update addresses the issue by correcting the
        permissions applied to emacs in the Repair Permissions tool. This
        issue does not affect systems running Mac OS X v10.5 and later.

With peaceful greetings


Klingons do not believe in indentation - except perhaps in the skulls of their project managers.
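
The advisory quoted in this message turns on a single mode bit: once /usr/bin/emacs is setuid, a local user can use it to run commands with system privileges. As an added example (not part of the original message and not Apple's tooling), the shell function below lists setuid/setgid files under a directory that are missing from an allowlist; the function names and the allowlist format (one path per line) are assumptions of this example.

```shell
#!/bin/sh
# Added example: report setuid/setgid regular files under a directory that
# are not on an allowlist of paths expected to carry those bits.
# find_unexpected_setid, demo_setid_audit and the allowlist format
# (one absolute path per line) are assumptions of this example.

find_unexpected_setid() {
    dir=$1
    allowlist=$2
    # -perm -4000 matches setuid, -perm -2000 matches setgid (POSIX find).
    find "$dir" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    sort |
    while IFS= read -r path; do
        # -F fixed string, -x whole line: only an exact path match counts.
        if ! grep -Fxq -- "$path" "$allowlist"; then
            printf '%s\n' "$path"
        fi
    done
}

# Constructed demonstration: a scratch directory stands in for /usr/bin.
# "su" is allowlisted as setuid, "emacs" is setuid but not allowlisted,
# "ls" is an ordinary executable.
demo_setid_audit() {
    scratch=$(mktemp -d) || return 1
    : > "$scratch/emacs"; : > "$scratch/su"; : > "$scratch/ls"
    chmod 4755 "$scratch/emacs" "$scratch/su"
    chmod 0755 "$scratch/ls"
    printf '%s\n' "$scratch/su" > "$scratch/allowlist"
    # Strip the scratch prefix so the result is stable across runs.
    find_unexpected_setid "$scratch" "$scratch/allowlist" |
        sed "s|^$scratch/||"
    rm -rf "$scratch"
}

# Usage on a real system (the allowlist path is a placeholder):
#   find_unexpected_setid /usr/bin /path/to/setid.allow
```

Running the check before and after a permissions repair, and comparing the two listings, shows whether the repair itself added a setuid bit.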
