|
|
|
|
|
|
by 3JPLW
4092 days ago
|
|
|
I'm not so sure. Unless I'm missing something, he doesn't demonstrate that this 'backdoor' is in use. It looks like they were using an escalation backdoor in `systemsetup`, but quickly patched a fix after 10.8.5. He just found a way around it. Now, the fact that 'it takes too much effort' to backport would suggest that it was still in use. I don't see any other evidence, though. I'd be interested if someone found it! |
|
|
systemsetup pointed to the Admin framework.
Admin framework analysis revealed use of "createFileWithContents". The function in which this use occurs is not named in the analysis.
An error message in the initial proof attempt led to "authenticateUsingAuthorization". Back to systemsetup to determine how to use "authenticateUsingAuthorization". (This is where I ended up mentally relinking the issue back to systemsetup.)
So, I concede that is is not stated where within the Admin framework this "createFileWithContents" method is invoked. However, I also agree that if that function was not used, it would be simple to remove it and the issue would be fixed.