But macos has a different sudo prompt, and along with TouchID for sudo, it is really easy to spot such things. Also apps have to ask for permission for home folder access, making it difficult to inject it via bashrc or similar
I've been a professional C, Perl, PHP and Python developer.
I'm an ex-sysadmin from the late 20th century.
These days I do more Javascript and CSS and whatnot, and promote UX and accessibility.
Yes, it has a prompt that reads Password: instead of [sudo] password for {user}:. It also runs zsh by default, but that doesn't matter, if you're going to have access to write to someone's home directory and also know how to script, it's just a matter of making it conditional, something like this:
case$OSTYPEin
linux-gnu)sudo_prompt="[sudo] password for {$USER}: ";;
darwin*)sudo_prompt="Password: ";;esacread-s-r-p$sudo_prompt password
I've been a professional C, Perl, PHP and Python developer.
I'm an ex-sysadmin from the late 20th century.
These days I do more Javascript and CSS and whatnot, and promote UX and accessibility.
On a Mac and a Debian box right now, and I can read other people's home directories but not write to them on both systems. I'm not sure what the difference is. If you're saying that some random GUI app that's a trojan has a better chance of writing to someone else's home directory on one system, then ok - I mean I don't really know how that would work, but I'll assume you're right for the sake of this thread.
What you were saying before about the difference in prompts somehow making one more secure than the other doesn't make sense to me though, and it looks like you're moving the goalposts a little.
Different systems will share some vulnerabilities and also have their own separate ones. MacOS is pitched as mostly being for single-user systems where you need physical access to do a lot of damage, where Linux is more likely to be multi-user from the get-go. Both approaches make compromises. There are root escalation vulnerabilities on both we haven't even heard of yet, I'm sure - but it's not as easy as "this script gets you root on Linux, MacOS is secure".
I might be wrong, but I meant writing to the logged in user's home directory. With a normally configured Linux box, applications could write to the same user's home directory without asking for explicit permissions, while with MacOS, this is not the case. MacOS asks for "Documents" permission before allowing an application to write in the home directory making the attack surface much less. I guess you could do some hardening to mitigate this
I've been a professional C, Perl, PHP and Python developer.
I'm an ex-sysadmin from the late 20th century.
These days I do more Javascript and CSS and whatnot, and promote UX and accessibility.
Maybe. I don't remember seeing that, but if it's the case, then if this is something bundled with a GUI app, people are probably just going to click "sure, ok" and if it's a CLI app, I doubt they'd get that prompt.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
But macos has a different sudo prompt, and along with TouchID for sudo, it is really easy to spot such things. Also apps have to ask for permission for home folder access, making it difficult to inject it via bashrc or similar
Yes, it has a prompt that reads
Password:instead of[sudo] password for {user}:. It also runs zsh by default, but that doesn't matter, if you're going to have access to write to someone's home directory and also know how to script, it's just a matter of making it conditional, something like this:Well yes, but applications need explicit permission to access the home directory in MacOS, reducing the attack surface by a lot
On a Mac and a Debian box right now, and I can read other people's home directories but not write to them on both systems. I'm not sure what the difference is. If you're saying that some random GUI app that's a trojan has a better chance of writing to someone else's home directory on one system, then ok - I mean I don't really know how that would work, but I'll assume you're right for the sake of this thread.
What you were saying before about the difference in prompts somehow making one more secure than the other doesn't make sense to me though, and it looks like you're moving the goalposts a little.
Different systems will share some vulnerabilities and also have their own separate ones. MacOS is pitched as mostly being for single-user systems where you need physical access to do a lot of damage, where Linux is more likely to be multi-user from the get-go. Both approaches make compromises. There are root escalation vulnerabilities on both we haven't even heard of yet, I'm sure - but it's not as easy as "this script gets you root on Linux, MacOS is secure".
I might be wrong, but I meant writing to the logged in user's home directory. With a normally configured Linux box, applications could write to the same user's home directory without asking for explicit permissions, while with MacOS, this is not the case. MacOS asks for "Documents" permission before allowing an application to write in the home directory making the attack surface much less. I guess you could do some hardening to mitigate this
Maybe. I don't remember seeing that, but if it's the case, then if this is something bundled with a GUI app, people are probably just going to click "sure, ok" and if it's a CLI app, I doubt they'd get that prompt.