PLEX86  x86- Virtual Machine (VM) Program
 Plex86  |  CVS  |  Mailing List  |  Download  |  Successes  |  In the Media

New Patch Fixes 43 Flaws In OS X, Many Serious 2132


Process *ids* aren't tied to user ids; they are buttigned sequentially.

Processes themselves are identifies by ids, and buttociated with users, and much else.

You don't know how things are handled 'in Unix'; this is evident because all technical details on this point that have entered our discussion have done by from my hand.

snip

What facinating phrasing.

If you tried it, were you able to edit the file you downloaded?

It's like wine. It's better if you let it age. :D

There have been but a few, and those quite crude.

But no magic pixy dust in Mac OS X prevent those from working.

snip

It is quite correct, I butture you.

No. Read-only files *do* have a user id and a group id. (To see this, view them with "Get Info" in the Finder)

They *can* be executed. Indeed, it is very important that this should be so. If a file had to be writable to be executable, then setuid-root files would all be open invitations to abuse: you would need to merely rewrite them with your own, Evil (tm) code, and execute. setuid-root files, to work as designed, must be read-only but executable.

snip

Sure: Javascript and so on. :D

Those are, however, not downloaded in the usual sense: they are embedded in a web page.

It works much the same way as IE 6.0.

No.

In what way is it different? It looks exactly the same to me. WebKit=MSHTML; Safari=IE; Mail=OE.

snip

I have. The security features (such as they are) now appear to work, but the basic "auto install" feature remains.

Try using Apple's widget directory web page. You won't have to hand-install the widgets, if you are using Safari.

Does "go to apple" mean "go to Apple's web page"?

If so, it sounds like you *have* seem auto-installed widgets. You did not have to drag the widget icon into your Widgets directory, did you?

Here's one I dug up with a quick Google search on "Safair Vulnerability":

snpip

There is, for once, truth in what you say. The lack of an auto-repair facility is more secure, but less reliable.

One may argue that given Microsoft's vast market share, and Apple's tiny one, they have both made the correct choices- it is just that the best choice for an specialty OS with few and more sophisticated users need not favor security so much.

New Patch Fixes 43 Flaws In OS X, Many Serious 2134
There is no need to "trace" anything back to root. Unix processes form a tree rooted at init; but...

snip

Yes.

Yes, once you know about it. But it is easily written as well.

The best way to avoid it is to sacrifice performance by using a safer, but slower, programming language- something neither Microsoft nor Apple has been willing to do too much.

New Patch Fixes 43 Flaws In OS X, Many Serious 2133
Daniel Johnson True, but the supposed parent does have an id. And that id is traced back to init. If there isn't a traceable route, then that fork or...

Why so? Just general principles?

Me neither.

Sure. But their behavior is simple and well documented.

snip


List | Previous | Next

New Patch Fixes 43 Flaws In OS X, Many Serious 2133

Mac OSX Advocacy from Newsgroups

New Patch Fixes 43 Flaws In OS X, Many Serious 2131