
Yours Mine & Ours II

Personal computing isn't personal anymore, and the personal computer isn't personal either. What's mine isn't necessarily yours, or even ours; if it was, it might be no one's.



Open any book or article on Unix and OS X security and you're bound to find a discussion of file protection modes and who you are in relation to them.

As most OS X users know by now, Unix has three sets of file modes for the file's owner, the file's group, and everyone else - which makes perfect sense, as Unix was from the get-go a multi-user system.

Launch the ADC tool 'SetFile' with no arguments and you see the following.

Usage: SetFile [option...] file...
    -a attributes     # attributes (lowercase = 0, uppercase = 1)*
    -c creator        # file creator
    -d date           # creation date (mm/dd/[yy]yy [hh:mm[:ss] [AM | PM]])*
    -m date           # modification date (mm/dd/[yy]yy [hh:mm[:ss] [AM | PM]])*
    -t type           # file type

    Note: The following attributes may be used with the -a option:
        A   Alias file
        B   Bundle
        C   Custom icon*
        D   Desktop*
        E   Hidden extension*
        I   Inited*
        M   Shared (can run multiple times)
        N   No INIT resources
        L   Locked
        S   System (name locked)
        T   Stationary
        V   Invisible*

    Note: Items marked with an asterisk (*) are allowed with folders
    Note: Period (.) represents the current date and time.
    Note: [yy]yy < 100 assumes 21th century, e.g. 20yy

It's the part with the file attributes that's interesting. Only one of them, 'L' (Locked), affects access at all, and it merely pits the user against the system: it protects a file from the user, not one user's files from another user.

The system never asks who the user is - which again makes perfect sense, as when these devices were first designed, the user was whoever had physical access to the machine.

Even the 'V' (Invisible) flag is innocuous, as it only affects what Finder will do, not what other file browsing utilities, tools, and third party programs will be capable of.

MacOS and HFS are totally incapable of granular control of read, write, and execute file access.

In 1984 it was still a five year wait for Sir Tim to invent the web, a seven year wait for the world's first web browser, and a ten year wait before any kind of connectivity was to emerge in personal computing. Putting a lock on your computer room door was the way you kept the bad guys out.

Now we're connected, and anyone can come through the door at any time, and file attributes like Alias, Bundle, and Custom icon don't exactly scare off the bad guys. Thankfully OS X has Unix file modes, but the casual OS X user has no practical way to utilise these modes with out-of-the-box tools.

All the user has is Finder.

Finder can be a help in seeing (and controlling) protective Unix file modes, but it's difficult to use effectively. The 'Get Info' dialog is the only indication given by this Carbon application that there's a more sophisticated security model under the bonnet.

You can select multiple files for the 'Get Info' dialog, but things get dicey if their modes don't exactly match - in such a case you can still set whatever modes you want, but you can't see what they are before you've set them.

A bit of what Tom Hanks in Saving Private Ryan called 'looking for a needle in a stack of needles'.

And Finder doesn't even let on about the all-important SGID and SUID bits - perhaps the most exploited security holes ever (see below).

The typical OS X install has 10,000 - 15,000 folders and 80,000 files.

That's a lot of places for the bad guys to hide.

Finder won't take you to but a handful of them, and won't be much help even when you get there. Knowing a folder uses a custom icon is hardly a crucial security issue.

The typical OS X install also has the standard Unix firewall, which is good protection; but malware scripts such as Renepo show that if and when an interloper gains access - especially root access - a lot of damage will result.

If an interloper wants to control your machine, access is not enough. This is not MacOS, this is Unix: the key to the computer room door won't do it. The interloper must also gain root access.

Trouble is, if you have an interloper lurking there on your machine, how are you going to know?

How are you going to plug the holes so it can't get root?

Everything is fine as long as your firewall holds; as long as you don't open any dumb mail attachments; as long as you don't give software installers your password.

But when your perimeter breaks and all you've got to defend you is Finder, you've really got no defence at all.
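As an added illustration (not code from this article or from Rixstep's tools), here is how the SUID, SGID and world-writable files that Finder never shows can be listed, and then watched for newcomers, using nothing but the find and ls that ship with the Unix under OS X. The demo tree, its file names and the baseline file are constructed for the example.

```shell
#!/bin/sh
# Walk a directory tree and report the regular files that Finder's Get Info
# never flags: setuid (4000), setgid (2000) and world-writable (0002).
# Output is "mode<TAB>owner<TAB>path", sorted, so two runs can be diffed.
audit_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 -o -perm -0002 \) \
        -print 2>/dev/null | sort | while IFS= read -r f; do
        # ls -ld: field 1 is the mode string, field 3 the owner (Linux and macOS)
        set -- $(ls -ld "$f")
        printf '%s\t%s\t%s\n' "$1" "$3" "$f"
    done
}

# Re-audit a tree and print only the entries absent from a saved baseline,
# which is how a planted setuid file shows up after the fact.
new_since_baseline() {
    baseline="$1"; dir="$2"
    # grep exits 1 when nothing is new; that is the good case, so never fail here
    audit_setid "$dir" | grep -v -x -F -f "$baseline" || true
}

# Number of flagged files under a tree.
count_findings() {
    audit_setid "$1" | wc -l | tr -d ' '
}

# Constructed demonstration tree (not a real install): one setuid file,
# one setgid file, one world-writable file and one ordinary file.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/bin" "$d/lib"
    : > "$d/bin/suid_tool"; chmod 4755 "$d/bin/suid_tool"
    : > "$d/bin/sgid_tool"; chmod 2755 "$d/bin/sgid_tool"
    : > "$d/lib/dropbox";   chmod 0666 "$d/lib/dropbox"
    : > "$d/lib/plain";     chmod 0644 "$d/lib/plain"
    printf '%s\n' "$d"
}

# Stand-alone run ("sh audit.sh demo"): audit the demo tree, save a baseline,
# plant one more setuid file and show that only the newcomer is reported.
if [ "${1:-}" = "demo" ]; then
    tree=$(make_demo_tree)
    audit_setid "$tree"
    audit_setid "$tree" > "$tree/baseline.txt"
    : > "$tree/lib/late_arrival"; chmod 4755 "$tree/lib/late_arrival"
    echo "--- new since baseline ---"
    new_since_baseline "$tree/baseline.txt" "$tree"
    rm -rf "$tree"
fi
```

Run against / as root to get a real baseline, keep that file somewhere the machine cannot write, and a later run of new_since_baseline is the answer to 'how are you going to know'.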

See Also
ACP: Xattrib
ACP: Xfile System
ACP: Xfile — The Standard Setter
Learning Curve: Yours Mine & Ours

Copyright © Rixstep. All rights reserved.