By John Gruber
Build web apps, iOS apps, and workflows with Retool.
By creating a malicious package and setting the authorization level to
AdminAuthorizationin the package, an attacker can modify root-owned files, execute commands as root, or install setuid-root programs without alerting the user that such actions are taking place. The problem is compounded when you consider that over 90% of Mac OS X users run as the administrator user because it’s what the default user created by the system is.
Knight’s recommendation is not to use an admin account as your main user account; if you do (and I’ll admit I do), my advice is to be very wary of installer packages. Worth noting also that Bill Bumgarner doesn’t run his main user account with admin privileges, either.
★ Monday, 18 September 2006