[OS X TeX] OT: effective Macintosh Trojan in the wild
Aaron Jackson
jackson at msrce.howard.edu
Sun May 8 20:41:02 CEST 2005
On May 8, 2005, at 1:58 PM, Bruno Voisin wrote:
> On 8 May 05, at 19:14, Aaron Jackson wrote:
>
>> The whole reason for a clamav user is strictly for UNIX security
>> purposes. Basically, you don't want a process to run with root
>> privileges unless absolutely necessary. Also along the lines of UNIX
>> security, a proper implementation should NEVER allow the clamav user
>> to log in, i.e. there should be no valid password associated with the
>> clamav user. I would assume the people at Apple understand this and
>> made it so. I'm not going to worry about this...
>
> The clamav user created by clamXav has shell /sbin/nologin (as
> revealed by NetInfo Manager), thus I assume this means this user can't
> log in.
Yes. The shell nologin prints the contents of /private/etc/nologin.txt
and then quits. Of course, this only happens if the account has a valid
password and the initial login interaction is successful.

As far as security is concerned, paranoia is a good thing. So in
addition to not having a valid password, other common things to do are to
make sure the shell is not valid and also there is no valid home
directory for the user. Kinda like wearing a belt, suspenders and
another pair of pants to make sure your pants never fall down
unexpectedly, because you never want to be caught with your pants
down...
Aaron
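
The three layers discussed in this thread (no usable password, a non-login shell, no real home directory) can be checked mechanically. The following is an added example, not part of the original post: it assumes the account records are available as passwd(5)/shadow(5) text, and the shell list, placeholder-home list, `scanner` account and sample records are constructed for illustration.

```python
import os

# Assumed lists; adjust per platform.
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false", "/usr/bin/false"}
PLACEHOLDER_HOMES = {"/var/empty", "/nonexistent", "/dev/null"}

# Constructed sample records in passwd(5) / shadow(5) format, not from a real host.
SAMPLE_PASSWD = """\
clamav:x:82:82:ClamAV daemon:/var/empty:/sbin/nologin
scanner:x:501:501:Scan helper:/home/scanner:/bin/bash
"""
SAMPLE_SHADOW = """\
clamav:*:12911:0:99999:7:::
scanner:$6$constructedsalt$constructedhash:12911:0:99999:7:::
"""

def password_locked(field):
    """True when no typed password can match: the field starts with '*' or '!'.
    An empty field means *no password required*, so it is not locked."""
    return field.startswith(("*", "!"))

def audit(passwd_text, shadow_text, home_exists=os.path.isdir):
    """Return {user: [findings]}; an empty list means all three layers hold."""
    hashes = {}
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2:
            hashes[parts[0]] = parts[1]
    report = {}
    for line in passwd_text.splitlines():
        parts = line.split(":")
        if line.startswith("#") or len(parts) != 7:
            continue  # skip comments and malformed records
        name, pw, _uid, _gid, _gecos, home, shell = parts
        # Without a shadow entry the passwd field is used; a bare "x" is then
        # reported conservatively as usable because its state is unknown.
        field = hashes.get(name, pw)
        findings = []
        if not password_locked(field):
            findings.append("password usable")
        if shell not in NOLOGIN_SHELLS:
            findings.append("login shell")
        if home not in PLACEHOLDER_HOMES and home_exists(home):
            findings.append("real home directory")
        report[name] = findings
    return report

if __name__ == "__main__":
    for user, findings in audit(SAMPLE_PASSWD, SAMPLE_SHADOW).items():
        print(user, "OK" if not findings else ", ".join(findings))
```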