I like documentation. Programs should have it. But on the heels of the man path thing I did some more looking on my Snow Leopard System.
Finding all the SUID files outside the traditional /sbin areas shows a few more (e.g. “find -x / -type f -perm -04000 -ls”.) Looks like 15 files, 8 of them by 3rd party vendors (good to know lazy coders are still out there):
/Library/Application Support/Logitech.localized/Logitech Control Center.localized/LCCDaemon.app/Contents/Resources/SetPriority
/Library/Application Support/StreamWatcher/StreamCaptureTool
/Library/Application Support/VMware Fusion/VMDKMounter.app/Contents/MacOS/vmware-vmdkMounterTool
/Library/Application Support/VMware Fusion/vmware-authd
/Library/Application Support/VMware Fusion/vmware-rawdiskCreator
/Library/Application Support/VMware Fusion/vmware-usbArbitratorTool
/Library/Application Support/VMware Fusion/vmware-vmx
/Library/Application Support/VMware Fusion/vmware-vmx-debug
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent
/System/Library/Printers/IOMs/LPRIOM.plugin/Contents/MacOS/LPRIOMHelper
/System/Library/PrivateFrameworks/Admin.framework/Versions/A/Resources/readconfig
/System/Library/PrivateFrameworks/Admin.framework/Versions/A/Resources/writeconfig
/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Versions/A/Resources/Locum
/System/Library/PrivateFrameworks/Install.framework/Versions/A/Resources/runner
No man pages here either… but thanks to the streamwatcher programmers who put a SUID binary when I installed the test version.
VMware was kind enough to put a 33MB and a 41MB SUID on my system, I’m sure they have no security issues. Do they honestly think you can make 40 megs of SUID executable safe? ARDAgent, another 1.8MB SUID… searching… great, tons of holes found in that already, some people never learn. Bah, time to strip off the SUID bit.
Let’s see… “find /System -type f -perm -00100 -ls |wc” gives… 3594 executables. Probably not all of them, so run file(1) on them all, and:
1649 Mach-O universal binary with 3 architectures
876 Mach-O universal binary with 2 architectures
…. and a whole lot more… perl, python, other scripts, conf files….
Surely they have documentation? Find reveals… 104 man page lookin’ things in /System and /Library, almost all for python, ruby, TK stuff. And when apple puts in 5 different executables called QuartzComposer… what are you supposed to think when you see it running?
-rwxr-xr-x 1 root wheel 95424 May 19 2009 /System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuartzComposer.framework/Versions/A/Resources/QuartzComposer.ibplugin/Contents/MacOS/QuartzComposer
-rwxr-xr-x 1 root wheel 54704 Sep 15 2010 /System/Library/Frameworks/QuickLook.framework/Versions/A/Resources/Generators/QuartzComposer.qlgenerator/Contents/MacOS/QuartzComposer
-rwxr-xr-x 1 root wheel 132848 Jun 25 2010 /System/Library/QuickTime/QuartzComposer.component/Contents/MacOS/QuartzComposer
-rwxr-xr-x 1 root wheel 48912 May 18 2009 /System/Library/Spotlight/QuartzComposer.mdimporter/Contents/MacOS/QuartzComposer
Some of these are documented pretty well in other ways (Automator and some other apps), but there are many more than have zero… picking a random one in /System/Library/CoreServices/, I see SystemUIServer.app has a program called uiscriptrunner that it presumably runs… what does that do? No documentation, no mention of it at all on apple.com via google or their search engine.
A big, black box.
Get off my lawn, all of you.
Sorry, the comment form is closed at this time.