New Patch Fixes 43 Flaws In OS X, Many Serious 2130
I think I've made my case; but this is not related to it. I think the answer has not to do with how processes are started, because I do not think that Timberwoof, or you, have any answers.
It isn't. Try it.
IE runs on the Mac.
No; even if a browser were written that did mark all downloads as read-only, it would do not good.
I have no idea why some Mac users think it would.
No; Mac acolytes seem terribly attached to this notion, but it was never true. There have been exploitable bugs in IE, but they didn't involve the user downloading things; they were things that happened while browsing web pages.
(Which, if anything, is worse, but never mind that. :D )
As a rule, what happens to OE is that it hosts IE to render HTML mail, and if IE is exploitable, OE is too.
There is no need to "trace" anything back to root. Unix processes form a tree...
It's a lot like Apple's Mail and WebKit, actually.
Interestingly, Safari has some trouble here. To this day it still installs downloaded dashboard widgets for you.
This does not actually run them, but it makes it all to easy to do by accident.
At least the "first run" warning actually works now.
Of course, Safari has also had a few bugs where downloaded executables would run automatically, as well as the usual buffer overflows and such.
An interesting point: Microsoft's much maligned "Registry" displays an advantage here:
The auto-run-executable bugs that Apple has had are bugs in the Finder, or in the launcher APIs. They happen because Mac OS X tries to be very smart and figure out how to work with an app automatically. This is why you don't need to install some apps. But 'very smart' code is very complex and there have been bugs in it. It can be tricked into running things that it shouldn't.
The registry is much simpler: the keys that tell the OS how to work with the app must be put there explicitly. You must have an installer to do this, but the user must explicitly *run* the installer. It won't be done for him. There's no 'smart' auto-configuration, and no self-repair.
Once the keys are installed, then the OS may execute the application automatically. But this cannot happen until the installer runs. (And that's also a program so if it's malicious, registry keys are the least of your worries).
snip
They do have the user's uid and gid, of course. Most of the recent Safari bugs are buffer overflows; injected code will then run inside Safari with the user's uid and gid.
The auto-execute-downloaded-file bugs are Finder bugs, and auto-exected files will be launched by the Finder, but it's the same uid and gid.
What other would you expect?
Daniel Johnson You haven't made any case. First you better understand how the kernel gives out unique process ids first and also tied to the user id. Guffaw!!! Squirming...
Well, I supose "complicated" is relative, after all...