[OS X TeX] OT: effective Macintosh Trojan in the wild

Aaron Jackson jackson at msrce.howard.edu
Sun May 8 20:41:02 CEST 2005


On May 8, 2005, at 1:58 PM, Bruno Voisin wrote:

> On 8 May 05, at 19:14, Aaron Jackson wrote:
>
>> The whole reason for a clamav user is strictly for UNIX security
>> purposes.  Basically, you don't want a process to run with root
>> privileges unless absolutely necessary.  Also along the lines of UNIX
>> security, a proper implementation should NEVER allow the clamav user
>> to log in, i.e., there should be no valid password associated with the
>> clamav user.  I would assume the people at Apple understand this and
>> made it so.  I'm not going to worry about this...
>
> The clamav user created by clamXav has shell /sbin/nologin (as
> revealed by NetInfo Manager), thus I assume this means this user can't
> log in.

Yes.  The shell nologin prints the contents of /private/etc/nologin.txt 
and then quits. Of course, this only happens if the account has a valid 
password and the initial login interaction is successful.

As far as security is concerned, paranoia is a good thing.  So in
addition to not having a valid password, other common things to do are to
make sure the shell is not valid and also that there is no valid home
directory for the user.  Kinda like wearing a belt, suspenders and
another pair of pants to make sure your pants never fall down
unexpectedly, because you never want to be caught with your pants
down...

Aaron
--------------------- Info ---------------------
Mac-TeX Website: http://www.esm.psu.edu/mac-tex/
           & FAQ: http://latex.yauh.de/faq/
TeX FAQ: http://www.tex.ac.uk/faq
List Post: <mailto:MacOSX-TeX at email.esm.psu.edu>
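
The three layers described in the message above (no valid password, a non-login shell, no usable home directory) can be checked together for each service account. The following is an added example, not part of the original post or of clamXav; it assumes standard passwd(5)/shadow(5) text rather than NetInfo, and the sample entries, shell list and placeholder home paths are constructed for illustration.

```python
import os

# Shells that refuse interactive sessions (assumed list; extend for your platform).
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false", "/usr/bin/false"}
# Home paths conventionally used as "no real home" (assumed list).
PLACEHOLDER_HOMES = {"/var/empty", "/nonexistent", "/dev/null"}

# Constructed sample data in passwd(5) / shadow(5) format, not taken from a real host.
SAMPLE_PASSWD = """\
clamav:x:82:82:Clamav User:/var/empty:/sbin/nologin
backup:x:34:34:Backup Agent:/home/backup:/bin/bash
"""
SAMPLE_SHADOW = """\
clamav:*:12911:0:99999:7:::
backup:$6$constructedsalt$constructedhash:12911:0:99999:7:::
"""

def parse_shadow(text):
    """Map user name -> password field from shadow-format text."""
    return {f[0]: f[1] for f in (l.split(":") for l in text.splitlines() if l.strip())}

def audit_account(passwd_line, shadow, home_exists=os.path.isdir):
    """Return the list of hardening layers that are missing for one passwd entry."""
    name, _, _, _, _, home, shell = passwd_line.strip().split(":")
    findings = []
    pw = shadow.get(name, "")
    # A locked field starts with '*' or '!'; a missing or empty field is flagged too.
    if pw == "" or not pw.startswith(("*", "!")):
        findings.append("password field is usable")
    if shell not in NOLOGIN_SHELLS:
        findings.append("shell allows login: " + shell)
    if home not in PLACEHOLDER_HOMES and home_exists(home):
        findings.append("home directory exists: " + home)
    return findings

def audit(passwd_text, shadow_text, home_exists=os.path.isdir):
    """Audit every entry; the result maps user name -> list of findings."""
    shadow = parse_shadow(shadow_text)
    return {l.split(":")[0]: audit_account(l, shadow, home_exists)
            for l in passwd_text.splitlines() if l.strip()}

if __name__ == "__main__":
    # home_exists is stubbed so the constructed sample behaves the same on any machine.
    report = audit(SAMPLE_PASSWD, SAMPLE_SHADOW, home_exists=lambda p: p.startswith("/home/"))
    for user, findings in report.items():
        print(user, "OK" if not findings else findings)
```

An account passes only when all three checks come back clean, so a single missing layer still shows up in the report.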




