Risks of Panther Access Changes

Last week (and in our Panther Special Report) we covered the change in Panther that lets any administrative user move, or even delete, important system-level files by simply authenticating (providing their admin account password) when trying to perform the action.

What we didn't cover at the time is that, "behind the scenes," you are actually using the Unix sudo command—a way to temporarily perform actions with root-level access—to execute the desired action.

This matters because the sudo command has a built-in timer: once you've authenticated, it provides you with that root-level access for five minutes (by default). So after you've first authenticated, subsequent actions—even dangerous ones that could render OS X inoperable—can be performed without requiring you to authenticate again. Obviously, this could result in a messy situation. However, at least you're aware that you've authenticated, so you know to be careful about what you do for the next five minutes or so.
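In sudo itself, this timer is the `timestamp_timeout` option in the sudoers policy. The script below is an added example, not part of the original article: it reads sudoers text and reports how long a successful authentication stays cached. The function names and the two sample policies are constructed for illustration, and it inspects only sudo's own setting.

```shell
#!/bin/sh
# Added example: report sudo's credential-cache window from sudoers text.

# Print the effective global timestamp_timeout (in minutes) for sudoers text
# on stdin. Falls back to 5, the default the article cites, when unset.
effective_timeout() {
    awk '
        BEGIN { t = 5 }
        /^[ \t]*#/ { next }                  # skip comment lines
        $1 == "Defaults" {                   # global Defaults only (not Defaults:user etc.)
            line = $0
            sub(/^[ \t]*Defaults[ \t]+/, "", line)
            n = split(line, opts, ",")       # options are comma-separated
            for (i = 1; i <= n; i++) {
                o = opts[i]
                gsub(/[ \t]/, "", o)
                if (o ~ /^timestamp_timeout=-?[0-9.]+$/) {
                    sub(/^timestamp_timeout=/, "", o)
                    t = o                    # last setting wins
                }
            }
        }
        END { print t }
    '
}

# Classify a timeout value: 0 prompts every time, a negative value never
# expires, anything else leaves a window with no password prompt.
classify_timeout() {
    awk -v t="$1" 'BEGIN {
        if (t + 0 < 0)       print "never-expires"
        else if (t + 0 == 0) print "always-prompt"
        else                 print "cached"
    }'
}

# Constructed sample policies: one relying on the default, one hardened.
sample_default()  { printf '%s\n' '# no timeout set' 'Defaults env_reset' '%admin ALL=(ALL) ALL'; }
sample_hardened() { printf '%s\n' 'Defaults env_reset, timestamp_timeout=0' '%admin ALL=(ALL) ALL'; }

for s in sample_default sample_hardened; do
    t=$($s | effective_timeout)
    echo "$s: timeout=${t}m -> $(classify_timeout "$t")"
done
```

Independently of the policy, running `sudo -k` discards a cached sudo credential immediately.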

The real danger of this "feature"—as pointed out to us by Chris Breen, Macworld Magazine's 911 columnist—is that when an admin-level user logs in, the act of logging in itself constitutes an authentication. In other words, for the first five minutes after logging in, you have root-level access and you probably aren't even aware of it. You can move or delete system-level files without being warned and without being prompted to authenticate—it just works. After those first five minutes are up, you resume your normal level of access. As Chris pointed out, these first five minutes can be quite risky:

"I've confirmed this by dragging my System folder to the Trash. And no, I couldn't get it out again without booting into Mac OS 9 and recovering it from the .Trashes file."

We would add that sometimes people accidentally delete files—using the command+delete keyboard combination in Mac OS X's column view sometimes makes it easy to delete an enclosing folder rather than the sub-folder you actually wanted to delete. In fact, Chris makes another good point about the risks of this situation:


Article Author: Ken Edwards

Ken Edwards is the Gaming Editor at Blogcritics, and calls Breaking Windows home. Ken works part time for Student Publications at BGSU as the Webmaster and System Administrator. He is also a freelance web developer.


Article comments

  • 1 - Douglas Dir

    Aug 21, 2004 at 11:08 pm

    What happened to bookofjoe? It's now password protected? How do I get access?

    Peace,
    DOUG
