About | Buy the Software | Forum | Industry Watch | Learning Curve | Newsletters | Products
Home » Learning Curve » Red Hat Diaries

20070118,00


Buy It

Try It

Oh-Ess-Ten-One-Oh-One.

Here's the official paths directory for OS X. It's embedded in every running OS X system. There's a reason for this.

OS X is a very orderly critter. When it comes to computer science, things have to be very orderly. And when it comes to multiuser systems, things have to be very safe.

Unfortunately nothing can be 100% safe if you have bleating idiots running around and changing things all the time. But this is the way OS X is supposed to look and this is the way OS X is supposed to work and it doesn't look bad at all and it works very nicely - again provided some bleating idiot doesn't come along and screw things up.




























← You're wondering what all those 'NS' prefixes mean? They stand for 'NeXTSTEP'.

That's the OS X you're using now if you're running an Apple computer.

And that's the NeXT cube above. It cost $100,000.

Apple bought the NeXTSTEP operating system because they couldn't make one themselves.

They tried but they failed miserably.

Then they took the technology that failed them and put it in NeXTSTEP and ruined that too.

Now they're telling you to fix system bugs with application enhancers.

Tomorrow they'll announce the 40 column monitor screen, sprites, and Pong.

And probably come out with a new commemorative edition of System 7.

OK, enough snide remarks for now. Get back to your schoolwork.
Domain MaskDirectoryPaths
NSLocalDomainMaskNSAdminApplicationDirectory/Applications/Utilities
NSLocalDomainMaskNSAllApplicationsDirectory/Applications
/Applications/Utilities
/Developer/Applications
/Applications/GrabBag
NSLocalDomainMaskNSAllLibrariesDirectory/Library
/Developer
NSLocalDomainMaskNSApplicationDirectory/Applications
NSLocalDomainMaskNSDemoApplicationDirectory/Applications/GrabBag
NSLocalDomainMaskNSDeveloperApplicationDirectory/Developer/Applications
NSLocalDomainMaskNSDeveloperDirectory/Developer
NSLocalDomainMaskNSDocumentationDirectory/Library/Documentation
NSLocalDomainMaskNSDocumentDirectory
NSLocalDomainMaskNSLibraryDirectory/Library
NSLocalDomainMaskNSUserDirectory/Users
 
NSNetworkDomainMaskNSAdminApplicationDirectory/Network/Applications/Utilities
NSNetworkDomainMaskNSAllApplicationsDirectory/Network/Applications
/Network/Applications/Utilities
/Network/Developer/Applications
/Network/Applications/GrabBag
NSNetworkDomainMaskNSAllLibrariesDirectory/Network/Library
/Network/Developer
NSNetworkDomainMaskNSApplicationDirectory/Network/Applications
NSNetworkDomainMaskNSDemoApplicationDirectory/Network/Applications/GrabBag
NSNetworkDomainMaskNSDeveloperApplicationDirectory/Network/Developer/Applications
NSNetworkDomainMaskNSDeveloperDirectory/Network/Developer
NSNetworkDomainMaskNSDocumentationDirectory/Network/Library/Documentation
NSNetworkDomainMaskNSDocumentDirectory
NSNetworkDomainMaskNSLibraryDirectory/Network/Library
NSNetworkDomainMaskNSUserDirectory/Network/Users
 
NSSystemDomainMaskNSAdminApplicationDirectory/Applications/Utilities
NSSystemDomainMaskNSAllApplicationsDirectory/Applications
/Applications/Utilities
/Developer/Applications
/Applications/GrabBag
NSSystemDomainMaskNSAllLibrariesDirectory/System/Library
/Developer
NSSystemDomainMaskNSApplicationDirectory/Applications
NSSystemDomainMaskNSDemoApplicationDirectory/Applications/GrabBag
NSSystemDomainMaskNSDeveloperApplicationDirectory/Developer/Applications
NSSystemDomainMaskNSDeveloperDirectory/Developer
NSSystemDomainMaskNSDocumentationDirectory/System/Library/Documentation
NSSystemDomainMaskNSDocumentDirectory
NSSystemDomainMaskNSLibraryDirectory/System/Library
NSSystemDomainMaskNSUserDirectory
 
NSUserDomainMaskNSAdminApplicationDirectory~/Applications/Utilities
NSUserDomainMaskNSAllApplicationsDirectory~/Applications
~/Applications/Utilities
~/Developer/Applications
~/Applications/GrabBag
NSUserDomainMaskNSAllLibrariesDirectory~/Library
~/Developer
NSUserDomainMaskNSApplicationDirectory~/Applications
NSUserDomainMaskNSDemoApplicationDirectory~/Applications/GrabBag
NSUserDomainMaskNSDeveloperApplicationDirectory~/Developer/Applications
NSUserDomainMaskNSDeveloperDirectory~/Developer
NSUserDomainMaskNSDocumentationDirectory~/Library/Documentation
NSUserDomainMaskNSDocumentDirectory~/Documents
NSUserDomainMaskNSLibraryDirectory~/Library
NSUserDomainMaskNSUserDirectory

If you're still here then perhaps you won't mind moving on. There are namely a few things not mentioned in the above table. They have to do with order but more importantly they have to do with safety.

And little boys and girls can't have fun if there's no safety.

/System/Library Permissions

/System/Library is where your system is. It's locked down. Totally. You can't get in there and muck about. Go in there yourself and take a peek. Try to find one single file you as an ordinary user - even an 'admin' user - can get at and corrupt. Go ahead - try. Try using this script.

sudo find /System/Library \( -perm -0020 -or -perm -0002 \)

That will find any files that are modifiable not only by the owner but by you or anyone else. You might find a few modem files and you should find a 'Drop Box' directory used to set up new users - but that's it.

OK, now try this script. This will find all files that are not owned by root.

sudo find /System/Library ! -user 0

You should come up totally blank on that one. Now let's look a bit at what's inside /System/Library - in particular at the frameworks. You have two big repositories of frameworks inside /System/Library: Frameworks and PrivateFrameworks. Do you think you can find a file in either of those locations you can modify?

[You should know the answer without trying - you just checked the entire /System/Library, remember?]

In /System/Library/Frameworks you should find something similar to the following.

/System/Library/Frameworks/AddressBook.framework
/System/Library/Frameworks/AGL.framework
/System/Library/Frameworks/AppKit.framework
/System/Library/Frameworks/AppKitScripting.framework
/System/Library/Frameworks/AppleScriptKit.framework
/System/Library/Frameworks/AppleShareClient.framework
/System/Library/Frameworks/AppleShareClientCore.framework
/System/Library/Frameworks/AppleTalk.framework
/System/Library/Frameworks/ApplicationServices.framework
/System/Library/Frameworks/AudioToolbox.framework
/System/Library/Frameworks/AudioUnit.framework
/System/Library/Frameworks/Carbon.framework
/System/Library/Frameworks/Cocoa.framework
/System/Library/Frameworks/CoreAudio.framework
/System/Library/Frameworks/CoreFoundation.framework
/System/Library/Frameworks/CoreMIDI.framework
/System/Library/Frameworks/CoreMIDIServer.framework
/System/Library/Frameworks/CoreServices.framework
/System/Library/Frameworks/DirectoryService.framework
/System/Library/Frameworks/DiscRecording.framework
/System/Library/Frameworks/DiscRecordingUI.framework
/System/Library/Frameworks/DrawSprocket.framework
/System/Library/Frameworks/DVComponentGlue.framework
/System/Library/Frameworks/ExceptionHandling.framework
/System/Library/Frameworks/ForceFeedback.framework
/System/Library/Frameworks/Foundation.framework
/System/Library/Frameworks/FWAUserLib.framework
/System/Library/Frameworks/GLUT.framework
/System/Library/Frameworks/InterfaceBuilder.framework
/System/Library/Frameworks/IOBluetooth.framework
/System/Library/Frameworks/IOBluetoothUI.framework
/System/Library/Frameworks/IOKit.framework
/System/Library/Frameworks/JavaEmbedding.framework
/System/Library/Frameworks/JavaVM.framework
/System/Library/Frameworks/Kerberos.framework
/System/Library/Frameworks/Kernel.framework
/System/Library/Frameworks/LDAP.framework
/System/Library/Frameworks/Message.framework
/System/Library/Frameworks/OpenGL.framework
/System/Library/Frameworks/PCSC.framework
/System/Library/Frameworks/PreferencePanes.framework
/System/Library/Frameworks/QuickTime.framework
/System/Library/Frameworks/ScreenSaver.framework
/System/Library/Frameworks/Scripting.framework
/System/Library/Frameworks/Security.framework
/System/Library/Frameworks/System.framework
/System/Library/Frameworks/SystemConfiguration.framework
/System/Library/Frameworks/TWAIN.framework
/System/Library/Frameworks/vecLib.framework
/System/Library/Frameworks/WebKit.framework

In /System/Library/PrivateFrameworks you should find something similar to the following.

/System/Library/PrivateFrameworks/Admin.framework
/System/Library/PrivateFrameworks/AFPDefines.framework
/System/Library/PrivateFrameworks/Apple80211.framework
/System/Library/PrivateFrameworks/AppleScript.framework
/System/Library/PrivateFrameworks/BezelServices.framework
/System/Library/PrivateFrameworks/bfd.framework
/System/Library/PrivateFrameworks/binutils.framework
/System/Library/PrivateFrameworks/Bom.framework
/System/Library/PrivateFrameworks/CALCore.framework
/System/Library/PrivateFrameworks/DAVAccess.framework
/System/Library/PrivateFrameworks/DesktopServicesPriv.framework
/System/Library/PrivateFrameworks/DigiHubPreference.framework
/System/Library/PrivateFrameworks/DirectoryServiceCore.framework
/System/Library/PrivateFrameworks/DiskArbitration.framework
/System/Library/PrivateFrameworks/DiskImages.framework
/System/Library/PrivateFrameworks/DisplayServices.framework
/System/Library/PrivateFrameworks/DVD.framework
/System/Library/PrivateFrameworks/gdb.framework
/System/Library/PrivateFrameworks/HelpUI.framework
/System/Library/PrivateFrameworks/HTMLDisplay.framework
/System/Library/PrivateFrameworks/ICACameraPriv.framework
/System/Library/PrivateFrameworks/ICANotifications.framework
/System/Library/PrivateFrameworks/ICAScannerPriv.framework
/System/Library/PrivateFrameworks/Ink.framework
/System/Library/PrivateFrameworks/Installation.framework
/System/Library/PrivateFrameworks/InstantMessage.framework
/System/Library/PrivateFrameworks/International.framework
/System/Library/PrivateFrameworks/IntlPreferences.framework
/System/Library/PrivateFrameworks/iPod.framework
/System/Library/PrivateFrameworks/JavaApplicationLauncher.framework
/System/Library/PrivateFrameworks/JavaApplicationLauncherUI.framework
/System/Library/PrivateFrameworks/JavaBrowser.framework
/System/Library/PrivateFrameworks/JavaCarbonSupport.framework
/System/Library/PrivateFrameworks/JavaKit.framework
/System/Library/PrivateFrameworks/JavaScriptCore.framework
/System/Library/PrivateFrameworks/JavaScriptGlue.framework
/System/Library/PrivateFrameworks/LatentSemanticMapping.framework
/System/Library/PrivateFrameworks/liberty.framework
/System/Library/PrivateFrameworks/MachineSettings.framework
/System/Library/PrivateFrameworks/MediaKit.framework
/System/Library/PrivateFrameworks/mLAN.framework
/System/Library/PrivateFrameworks/mmalloc.framework
/System/Library/PrivateFrameworks/MonitorPanel.framework
/System/Library/PrivateFrameworks/NetInfo.framework
/System/Library/PrivateFrameworks/NetworkConfig.framework
/System/Library/PrivateFrameworks/NIAccess.framework
/System/Library/PrivateFrameworks/NIInterface.framework
/System/Library/PrivateFrameworks/opcodes.framework
/System/Library/PrivateFrameworks/PBDevKit.framework
/System/Library/PrivateFrameworks/PBXCore.framework
/System/Library/PrivateFrameworks/PBXInterface.framework
/System/Library/PrivateFrameworks/PBXRemoteClient.framework
/System/Library/PrivateFrameworks/PowerPlant.framework
/System/Library/PrivateFrameworks/ProjectBuilder.framework
/System/Library/PrivateFrameworks/readline.framework
/System/Library/PrivateFrameworks/SearchEngine.framework
/System/Library/PrivateFrameworks/SearchKit.framework
/System/Library/PrivateFrameworks/SecurityHICocoa.framework
/System/Library/PrivateFrameworks/ServerControl.framework
/System/Library/PrivateFrameworks/ServerPrefs.framework
/System/Library/PrivateFrameworks/SetupAssistant.framework
/System/Library/PrivateFrameworks/SetupAssistantIA.framework
/System/Library/PrivateFrameworks/SetupAssistantSupport.framework
/System/Library/PrivateFrameworks/SherlockCore.framework
/System/Library/PrivateFrameworks/SpeechDictionary.framework
/System/Library/PrivateFrameworks/SpeechObjects.framework
/System/Library/PrivateFrameworks/SPSupport.framework
/System/Library/PrivateFrameworks/SyncConduit.framework
/System/Library/PrivateFrameworks/SyncEngine.framework
/System/Library/PrivateFrameworks/SyncServices.framework
/System/Library/PrivateFrameworks/SystemUIPlugin.framework
/System/Library/PrivateFrameworks/TheaterMode.framework
/System/Library/PrivateFrameworks/TimClient.framework
/System/Library/PrivateFrameworks/TimServer.framework
/System/Library/PrivateFrameworks/ToolSupport.framework
/System/Library/PrivateFrameworks/URLMount.framework
/System/Library/PrivateFrameworks/vmutils.framework
/System/Library/PrivateFrameworks/VSP.framework
/System/Library/PrivateFrameworks/WebFoundation.framework

That's part of the guts of your OS X system - and you can't touch a thing.

Here's another location for your kernel extensions. Same story here. You can't touch a thing.

/System/Library/Extensions/ACard62xxM.kext
/System/Library/Extensions/ACard671xSCSI.kext
/System/Library/Extensions/ACard68xxM.kext
/System/Library/Extensions/Adaptec290X-2930.kext
/System/Library/Extensions/Adaptec29160x.kext
/System/Library/Extensions/Adaptec39160.kext
/System/Library/Extensions/Adaptec78XXSCSI.kext
/System/Library/Extensions/Apple16X50Serial.kext
/System/Library/Extensions/Apple_DEC21x4Ethernet.kext
/System/Library/Extensions/AppleAD741x.kext
/System/Library/Extensions/AppleADBButtons.kext
/System/Library/Extensions/AppleADBDisplay.kext
/System/Library/Extensions/AppleADBKeyboard.kext
/System/Library/Extensions/AppleADBMouse.kext
/System/Library/Extensions/AppleADM103x.kext
/System/Library/Extensions/AppleADT746x.kext
/System/Library/Extensions/AppleAirPort.kext
/System/Library/Extensions/AppleAirPort2.kext
/System/Library/Extensions/AppleAirPortFW.kext
/System/Library/Extensions/AppleAltiVecDVDDriver.bundle
/System/Library/Extensions/AppleBCM5701Ethernet.kext
/System/Library/Extensions/AppleBlower.kext
/System/Library/Extensions/AppleBMacEthernet.kext
/System/Library/Extensions/AppleCore99NVRAM.kext
/System/Library/Extensions/AppleCore99PE.kext
/System/Library/Extensions/AppleCPUThermo.kext
/System/Library/Extensions/AppleCuda.kext
/System/Library/Extensions/AppleDallasDriver.kext
/System/Library/Extensions/AppleFan.kext
/System/Library/Extensions/AppleFlashNVRAM.kext
/System/Library/Extensions/AppleFPButton.kext
/System/Library/Extensions/AppleFWAudio.kext
/System/Library/Extensions/AppleFWOHCI.kext
/System/Library/Extensions/AppleGMACEthernet.kext
/System/Library/Extensions/AppleGossamerPE.kext
/System/Library/Extensions/AppleGPIO.kext
/System/Library/Extensions/AppleGracklePCI.kext
/System/Library/Extensions/AppleHeathrow.kext
/System/Library/Extensions/AppleHWClock.kext
/System/Library/Extensions/AppleHWSensor.kext
/System/Library/Extensions/AppleI2C.kext
/System/Library/Extensions/AppleIntel8255x.kext
/System/Library/Extensions/AppleK2.kext
/System/Library/Extensions/AppleK2Driver.kext
/System/Library/Extensions/AppleK2Fan.kext
/System/Library/Extensions/AppleKauaiATA.kext
/System/Library/Extensions/AppleKeyLargo.kext
/System/Library/Extensions/AppleKeyswitch.kext
/System/Library/Extensions/AppleKiwiATA.kext
/System/Library/Extensions/AppleKiwiRoot.kext
/System/Library/Extensions/AppleLED.kext
/System/Library/Extensions/AppleLM7x.kext
/System/Library/Extensions/AppleLM87.kext
/System/Library/Extensions/AppleLMUController.kext
/System/Library/Extensions/AppleLSIFusionMPT.kext
/System/Library/Extensions/AppleLynx.kext
/System/Library/Extensions/AppleMacRISC2PE.kext
/System/Library/Extensions/AppleMacRiscPCI.kext
/System/Library/Extensions/AppleMaxim6690.kext
/System/Library/Extensions/AppleMediaBay.kext
/System/Library/Extensions/AppleMesh.kext
/System/Library/Extensions/AppleMIDIFWDriver.plugin
/System/Library/Extensions/AppleMIDIUSBDriver.plugin
/System/Library/Extensions/AppleMLANAudio.kext
/System/Library/Extensions/AppleMPIC.kext
/System/Library/Extensions/AppleNDRV
/System/Library/Extensions/AppleOnboardAudio.kext
/System/Library/Extensions/AppleOnboardDisplay.kext
/System/Library/Extensions/ApplePCCard16ATA.kext
/System/Library/Extensions/ApplePCCardATA.kext
/System/Library/Extensions/ApplePMU.kext
/System/Library/Extensions/ApplePMUPCCardEject.kext
/System/Library/Extensions/AppleRAID.kext
/System/Library/Extensions/AppleRS574Serial.kext
/System/Library/Extensions/AppleSCCIrDA.kext
/System/Library/Extensions/AppleSCCSerial.kext
/System/Library/Extensions/AppleStorageDrivers.kext
/System/Library/Extensions/AppleSym8xx.kext
/System/Library/Extensions/AppleThermal.kext
/System/Library/Extensions/AppleUSBAudio.kext
/System/Library/Extensions/AppleUSBDisplays.kext
/System/Library/Extensions/AppleUSBIrDA.kext
/System/Library/Extensions/AppleUSBProKeyboard.kext
/System/Library/Extensions/AppleVIA.kext
/System/Library/Extensions/AppleVSP.kext
/System/Library/Extensions/ATIRadeon.kext
/System/Library/Extensions/ATIRadeon8500.kext
/System/Library/Extensions/ATIRadeon8500DVDDriver.bundle
/System/Library/Extensions/ATIRadeon8500GA.plugin
/System/Library/Extensions/ATIRadeon8500GLDriver.bundle
/System/Library/Extensions/ATIRadeon9700.kext
/System/Library/Extensions/ATIRadeon9700DVDDriver.bundle
/System/Library/Extensions/ATIRadeon9700GA.plugin
/System/Library/Extensions/ATIRadeon9700GLDriver.bundle
/System/Library/Extensions/ATIRadeonDVDDriver.bundle
/System/Library/Extensions/ATIRadeonGA.plugin
/System/Library/Extensions/ATIRadeonGLDriver.bundle
/System/Library/Extensions/ATIRage128.kext
/System/Library/Extensions/ATIRage128DVDDriver.bundle
/System/Library/Extensions/ATIRage128GA.plugin
/System/Library/Extensions/ATIRage128GLDriver.bundle
/System/Library/Extensions/ATIRagePro.kext
/System/Library/Extensions/ATIRageProGA.plugin
/System/Library/Extensions/ATTOExpressPCI.kext
/System/Library/Extensions/AudioDeviceTreeUpdater.kext
/System/Library/Extensions/BootCache.kext
/System/Library/Extensions/cddafs.kext
/System/Library/Extensions/CMD646ATA.kext
/System/Library/Extensions/CMD646Root.kext
/System/Library/Extensions/DCPModemSupport.kext
/System/Library/Extensions/DVFamily.bundle
/System/Library/Extensions/GeForce.kext
/System/Library/Extensions/GeForce2MXGLDriver.bundle
/System/Library/Extensions/GeForce3GLDriver.bundle
/System/Library/Extensions/GeForceFXGLDriver.bundle
/System/Library/Extensions/GeForceGA.plugin
/System/Library/Extensions/HeathrowATA.kext
/System/Library/Extensions/I2CGPIO.kext
/System/Library/Extensions/ICAClassicNotSeizeDriver.kext
/System/Library/Extensions/ICAFWKodakProDriver.kext
/System/Library/Extensions/ImmersionForceFeedback.kext
/System/Library/Extensions/InternalModemSupport.kext
/System/Library/Extensions/InternalUSBModem.kext
/System/Library/Extensions/IOATABlockStorage.kext
/System/Library/Extensions/IOATAFamily.kext
/System/Library/Extensions/IOATAPIProtocolTransport.kext
/System/Library/Extensions/IOAudioFamily.kext
/System/Library/Extensions/IOBluetoothFamily.kext
/System/Library/Extensions/IOBluetoothHIDDriver.kext
/System/Library/Extensions/IOCDStorageFamily.kext
/System/Library/Extensions/IODVDStorageFamily.kext
/System/Library/Extensions/IOFireWireAVC.kext
/System/Library/Extensions/IOFireWireAVCLib.plugin
/System/Library/Extensions/IOFireWireFamily.kext
/System/Library/Extensions/IOFireWireSBP2.kext
/System/Library/Extensions/IOFireWireSerialBusProtocolTransport.kext
/System/Library/Extensions/IOGraphicsFamily.kext
/System/Library/Extensions/IOHDIXController.kext
/System/Library/Extensions/IOHIDFamily.kext
/System/Library/Extensions/IOHIDSystem.kext
/System/Library/Extensions/IOKeyLargo.kext
/System/Library/Extensions/IONDRVSupport.kext
/System/Library/Extensions/IONetworkingFamily.kext
/System/Library/Extensions/IOPCCardFamily.kext
/System/Library/Extensions/IOPCIFamily.kext
/System/Library/Extensions/IOPlatformFunction.kext
/System/Library/Extensions/IOSCSIArchitectureModelFamily.kext
/System/Library/Extensions/IOSCSIParallelFamily.kext
/System/Library/Extensions/IOSerialFamily.kext
/System/Library/Extensions/IOStorageFamily.kext
/System/Library/Extensions/IOUSBFamily.kext
/System/Library/Extensions/IOUSBMassStorageClass.kext
/System/Library/Extensions/IPFirewall.kext
/System/Library/Extensions/iPodDriver.kext
/System/Library/Extensions/KeyLargoATA.kext
/System/Library/Extensions/LogitechForceFeedback.kext
/System/Library/Extensions/MacIOGPIO.kext
/System/Library/Extensions/msdosfs.kext
/System/Library/Extensions/NKEMgr.kext
/System/Library/Extensions/NVDANV10Hal.kext
/System/Library/Extensions/NVDANV20Hal.kext
/System/Library/Extensions/NVDANV30Hal.kext
/System/Library/Extensions/NVDAResman.kext
/System/Library/Extensions/PPP.kext
/System/Library/Extensions/PPPoE.ppp
/System/Library/Extensions/PPPSerial.ppp
/System/Library/Extensions/PPTP.ppp
/System/Library/Extensions/SharedIP.kext
/System/Library/Extensions/smbfs.kext
/System/Library/Extensions/System.kext
/System/Library/Extensions/udf.kext
/System/Library/Extensions/UltraTek100.kext
/System/Library/Extensions/UltraTek133.kext
/System/Library/Extensions/UltraTek33.kext
/System/Library/Extensions/UltraTek66.kext
/System/Library/Extensions/VirtualAudioDriver.kext
/System/Library/Extensions/webdav_fs.kext

OK, let's wander over to /dev. You probably can't get in there but we can. Here's where you have all your device files. Again, this is sensitive system stuff - and you won't be able to touch a thing. And that's by design - for your safety.

/dev/bpf0
/dev/bpf1
/dev/bpf2
/dev/bpf3
/dev/console
/dev/cu.IrDA-IrCOMMch-b
/dev/cu.modem
/dev/disk0
/dev/disk0s1
/dev/disk0s2
/dev/disk0s3
/dev/disk0s4
/dev/disk0s5
/dev/fd
/dev/klog
/dev/kmem
/dev/mem
/dev/null
/dev/ptyp0
/dev/ptyp1
/dev/ptyp2
/dev/ptyp3
/dev/ptyp4
/dev/ptyp5
/dev/ptyp6
/dev/ptyp7
/dev/ptyp8
/dev/ptyp9
/dev/ptypa
/dev/ptypb
/dev/ptypc
/dev/ptypd
/dev/ptype
/dev/ptypf
/dev/ptyq0
/dev/ptyq1
/dev/ptyq2
/dev/ptyq3
/dev/ptyq4
/dev/ptyq5
/dev/ptyq6
/dev/ptyq7
/dev/ptyq8
/dev/ptyq9
/dev/ptyqa
/dev/ptyqb
/dev/ptyqc
/dev/ptyqd
/dev/ptyqe
/dev/ptyqf
/dev/ptyr0
/dev/ptyr1
/dev/ptyr2
/dev/ptyr3
/dev/ptyr4
/dev/ptyr5
/dev/ptyr6
/dev/ptyr7
/dev/ptyr8
/dev/ptyr9
/dev/ptyra
/dev/ptyrb
/dev/ptyrc
/dev/ptyrd
/dev/ptyre
/dev/ptyrf
/dev/ptys0
/dev/ptys1
/dev/ptys2
/dev/ptys3
/dev/ptys4
/dev/ptys5
/dev/ptys6
/dev/ptys7
/dev/ptys8
/dev/ptys9
/dev/ptysa
/dev/ptysb
/dev/ptysc
/dev/ptysd
/dev/ptyse
/dev/ptysf
/dev/ptyt0
/dev/ptyt1
/dev/ptyt2
/dev/ptyt3
/dev/ptyt4
/dev/ptyt5
/dev/ptyt6
/dev/ptyt7
/dev/ptyt8
/dev/ptyt9
/dev/ptyta
/dev/ptytb
/dev/ptytc
/dev/ptytd
/dev/ptyte
/dev/ptytf
/dev/ptyu0
/dev/ptyu1
/dev/ptyu2
/dev/ptyu3
/dev/ptyu4
/dev/ptyu5
/dev/ptyu6
/dev/ptyu7
/dev/ptyu8
/dev/ptyu9
/dev/ptyua
/dev/ptyub
/dev/ptyuc
/dev/ptyud
/dev/ptyue
/dev/ptyuf
/dev/ptyv0
/dev/ptyv1
/dev/ptyv2
/dev/ptyv3
/dev/ptyv4
/dev/ptyv5
/dev/ptyv6
/dev/ptyv7
/dev/ptyv8
/dev/ptyv9
/dev/ptyva
/dev/ptyvb
/dev/ptyvc
/dev/ptyvd
/dev/ptyve
/dev/ptyvf
/dev/ptyw0
/dev/ptyw1
/dev/ptyw2
/dev/ptyw3
/dev/ptyw4
/dev/ptyw5
/dev/ptyw6
/dev/ptyw7
/dev/ptyw8
/dev/ptyw9
/dev/ptywa
/dev/ptywb
/dev/ptywc
/dev/ptywd
/dev/ptywe
/dev/ptywf
/dev/random
/dev/rdisk0
/dev/rdisk0s1
/dev/rdisk0s2
/dev/rdisk0s3
/dev/rdisk0s4
/dev/rdisk0s5
/dev/stderr
/dev/stdin
/dev/stdout
/dev/tty
/dev/tty.IrDA-IrCOMMch-b
/dev/tty.modem
/dev/ttyp0
/dev/ttyp1
/dev/ttyp2
/dev/ttyp3
/dev/ttyp4
/dev/ttyp5
/dev/ttyp6
/dev/ttyp7
/dev/ttyp8
/dev/ttyp9
/dev/ttypa
/dev/ttypb
/dev/ttypc
/dev/ttypd
/dev/ttype
/dev/ttypf
/dev/ttyq0
/dev/ttyq1
/dev/ttyq2
/dev/ttyq3
/dev/ttyq4
/dev/ttyq5
/dev/ttyq6
/dev/ttyq7
/dev/ttyq8
/dev/ttyq9
/dev/ttyqa
/dev/ttyqb
/dev/ttyqc
/dev/ttyqd
/dev/ttyqe
/dev/ttyqf
/dev/ttyr0
/dev/ttyr1
/dev/ttyr2
/dev/ttyr3
/dev/ttyr4
/dev/ttyr5
/dev/ttyr6
/dev/ttyr7
/dev/ttyr8
/dev/ttyr9
/dev/ttyra
/dev/ttyrb
/dev/ttyrc
/dev/ttyrd
/dev/ttyre
/dev/ttyrf
/dev/ttys0
/dev/ttys1
/dev/ttys2
/dev/ttys3
/dev/ttys4
/dev/ttys5
/dev/ttys6
/dev/ttys7
/dev/ttys8
/dev/ttys9
/dev/ttysa
/dev/ttysb
/dev/ttysc
/dev/ttysd
/dev/ttyse
/dev/ttysf
/dev/ttyt0
/dev/ttyt1
/dev/ttyt2
/dev/ttyt3
/dev/ttyt4
/dev/ttyt5
/dev/ttyt6
/dev/ttyt7
/dev/ttyt8
/dev/ttyt9
/dev/ttyta
/dev/ttytb
/dev/ttytc
/dev/ttytd
/dev/ttyte
/dev/ttytf
/dev/ttyu0
/dev/ttyu1
/dev/ttyu2
/dev/ttyu3
/dev/ttyu4
/dev/ttyu5
/dev/ttyu6
/dev/ttyu7
/dev/ttyu8
/dev/ttyu9
/dev/ttyua
/dev/ttyub
/dev/ttyuc
/dev/ttyud
/dev/ttyue
/dev/ttyuf
/dev/ttyv0
/dev/ttyv1
/dev/ttyv2
/dev/ttyv3
/dev/ttyv4
/dev/ttyv5
/dev/ttyv6
/dev/ttyv7
/dev/ttyv8
/dev/ttyv9
/dev/ttyva
/dev/ttyvb
/dev/ttyvc
/dev/ttyvd
/dev/ttyve
/dev/ttyvf
/dev/ttyw0
/dev/ttyw1
/dev/ttyw2
/dev/ttyw3
/dev/ttyw4
/dev/ttyw5
/dev/ttyw6
/dev/ttyw7
/dev/ttyw8
/dev/ttyw9
/dev/ttywa
/dev/ttywb
/dev/ttywc
/dev/ttywd
/dev/ttywe
/dev/ttywf
/dev/urandom
/dev/vn0
/dev/vn1
/dev/vn2
/dev/vn3
/dev/zero

A Place for Everything

So what's the point of all this sightseeing?

That there's a place for everything. The operating system itself, since time immemorial, has staked out locations for files for you, for others, and for itself. And when it comes to its own files it maintains a strict no exceptions policy of 'hands off'. For your safety.

Your own applications? They go in ~/Applications. Apple's applications? They go in /Applications. If your own applications have frameworks and they're not embedded? They go in ~/Library/Frameworks. You share your computer - and your software - with others? /Applications and /Library/Frameworks.

You never go in /System/Library. Ever. You've probably understood that by now. But there's a corollary: the code in /System/Library is powerful code. It runs with the highest privileges. Your code doesn't.

And /System/Library is protected but your areas are not.

You'll be adding and removing things all the time from your areas of the disk but your system will remain very constant. You need a stable and secure system but you also need the flexibility to move things around your areas as you please.

The big point here is that you never have sensitive powerful (and potentially destructive) system code residing outside /System/Library.

Theory & Practice

'For the past few days I've been releasing patches for vulnerabilities in an assortment of Mac OS software. This project was intended to be a technical one, and I've never sat down to explain, in clear terms, how the patches work, what Application Enhancer is, or what the potential risks are in running these patches', pens Landon Fuller in the wake of his embarrassing tête-à-tête with the MOAB crew.

Fuller then goes on to laud Unsanity despite his trouncing at the hands of MOAB and despite concerned software engineers both inside and outside Apple raising cries of protest.



And when it comes to addressing the fact that Unsanity left a sensitive system module (APE) outside /System/Library and left it writable by the world, Fuller says simply there was a flaw in the directory.

'This issue is part of a larger collection of vulnerabilities that take advantage of the writability of directories in /Library and elsewhere, such as the DiskManagement vulnerability or the /Library/StartupItems vulnerability fixed in 10.4. In this case, administrators are allowed to write to /Library/Frameworks and Application Enhancer launches one of its binaries from /Library/Frameworks as the root user.'

Which is all quite true, but if you've been following along you'll know what's wrong with that line of reasoning.

Today Fuller works for a company who make online games for kids. Perhaps he's found his true calling. But the thought that he once was a part of systems development at Apple is both staggering and possibly part of the reason things are so screwed up today.

About | ACP | Buy | Forum | Industry Watch | Learning Curve | Search | Twitter | Xnews
Copyright © Rixstep. All rights reserved.