News for the nerds today: a BugTraq post details a way in which a local unprivileged user on a OSX machine can overwrite any file on the hard disk by using NetInfo Manager.
…if the user runs “NetInfo Manager” and chooses to print the window content by choosing “Domain: Print”, the Print dialog is running as root? By choosing to “Save as PDF”, the associated file manager window is itself running as root, thus allowing the user to navigate all files on the connected hard disks. Moreover, by creating a filesystem link to any file of the filesystem, calling the link “dummy.pdf”, and then saving the PDF over this link, the user is then allowed to overwrite the contents of any file of the filesystem, including system files or files owned by other users on the system.
It’s sloppiness like this which is evident in much of OSX, even in version 10.2. While I think its a great OS for a Unix-centric hacker to use at home (dare I say it–preferable to Linux); continued stuff like this means you’d be insane to deploy OSX in a university or other multi-user environment just yet.