Mailing List SIMS@mail.stalker.com Message #15248
From: chris <cb@mythtech.net>
Subject: Re: ASSP
Date: Thu, 15 Jun 2006 00:07:31 -0400
To: SIMS Discussions <SIMS@mail.stalker.com>
X-Mailer: Claris Emailer 2.0v3 p3, January 22, 1998
>Does it work OK with a user who  
>doesn't have admin privs?

I realized I didn't need to wait until tomorrow to test this; I can test
it now. And my findings were surprising.

On OS X 10.4.6, you CAN run SIMS in Classic under a user account that
does NOT have admin privileges!

I have a non admin account on my home OS X machine. This is an account I
set up specifically for allowing outside people to FTP to my machine. I
didn't want anonymous access available, but I wanted darn near it. So
this is an account that is a non admin, managed account, and has all
possible restrictions placed on it that OS X allows thru its standard
interface (basically, all the parental controls are turned on).

I logged into that user, started SIMS, walked over to my PC, and was
successfully able to telnet to port 25 and port 110 with no issues.


I consider this a security flaw as a non admin should NOT be allowed to
listen on ports below 1024. This may be changeable thru firewall or other
settings... but the default setup for a non admin user under 10.4.6
appears to allow the user, at least via Classic, to listen on privileged
ports.

Sure, that's good for those of us that want to run SIMS in Classic and
not leave an admin account logged in to do so... but it is still a
security flaw in my opinion as it should not happen "out of the box" as
it does now.

-chris
<http://www.mythtech.net>
