Yes, thanks for explaining it so clearly, Jonathan. :-)

Some more points: Yes, you CAN wipe out your whole system as an admin user, as far as OS X is concerned, not the unix core. No problem to completely delete /Applications and /Library—you won't have much fun with your OS after that. True, you can't delete the unix dirs like /usr, but that's not really a major feature.

I'm not exactly sure if Mail.app can be scripted to send a mail without user interaction—I think it is only possible to open a prefilled window with a mail ready to be sent by the user. If so, malicious code cannot send mail if the user's SMTP server requires authentication: The user and pw for the smtp server are stored in the Keychain, and if any new app wants to access those values, the user is asked first to give permission. So if Mail.app cannot be altered, malicious code isn't able to send mail. (Given that the unix mail engine isn't configured to be able to send mails, as is the default.)

For editing /etc/hosts and similar stuff, just use the unix set user command su. My admin account has the username rozottel; in the terminal I can just type "su rozottel" and then "sudo vi /etc/hosts", e.g. (Change to a directory your admin account has read permissions for before or after you execute the su command; you will get strange error messages otherwise.)

Unfortunately, I just found out that, by default, it doesn't actually add security to be a normal user giving admin credentials when installing soft to /Applications—the *.app dirs are owned by my normal account, thus giving any malicious code the possibility to write to the subdirs. X-( This is not the case for most software that has been installed by installers (so my complete /Library is safe, e.g.), not by just drag&dropping, but everything else is vulnerable.

If you want to make sure your /Applications directory is safe, do the following:

Open Terminal.app, su to your admin user and cd to /Applications. Then type

sudo chown -R root:admin *

I'd probably better make this a cronjob. :-/
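As an added example (not part of the post above), here is a small POSIX shell audit for the ownership problem described in it: it lists every *.app bundle in a directory that is not owned by the expected user (root by default) or that the current user can write to, so the chown can be applied only where it is needed. The `audit_apps` and `lock_down_apps` names, and the bundle names in the comments, are my own; `lock_down_apps` just wraps the `sudo chown -R root:admin` command from the post.

```shell
#!/bin/sh
# audit_apps DIR [EXPECTED_OWNER]
# Prints one line per .app bundle in DIR that is either not owned by
# EXPECTED_OWNER (default: root) or writable by the user running the audit.
# Output lines look like:  /Applications/Foo.app: owner=alice writable-by-alice

owner_of() {
    # Portable owner lookup: column 3 of "ls -ld" on both macOS and Linux.
    ls -ld "$1" | awk '{ print $3 }'
}

audit_apps() {
    dir=$1
    expected=${2:-root}
    me=$(id -un)
    for app in "$dir"/*.app; do
        [ -d "$app" ] || continue          # skip a literal '*.app' when the glob matches nothing
        owner=$(owner_of "$app")
        flags=""
        [ "$owner" = "$expected" ] || flags="owner=$owner"
        # A bundle the current (non-admin) user can write to is exactly the
        # case the post warns about: any code running as that user can modify it.
        [ -w "$app" ] && flags="$flags writable-by-$me"
        [ -n "$flags" ] && printf '%s:%s\n' "$app" "${flags:+ $flags}"
    done
    return 0
}

lock_down_apps() {
    # Mitigation from the post: hand the bundles to root:admin. Needs admin
    # credentials, so it is not run here; call it explicitly after reviewing
    # the audit output (e.g. from a cron or launchd job).
    dir=${1:-/Applications}
    sudo chown -R root:admin "$dir"/*.app
}

# Stand-alone usage: audit /Applications (or the directory given as $1).
if [ "${AUDIT_APPS_NO_MAIN:-0}" = "0" ] && [ -d "${1:-/Applications}" ]; then
    audit_apps "${1:-/Applications}" root
fi
```

Run it as the normal (non-admin) account; every line it prints is a bundle that account could tamper with, and an empty output means /Applications is in the state the post's chown aims for.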