Focus on Apple
PWN to OWN at CanSecWest Mar 29 2007 12:45AM
mfossi securityfocus com (1 replies)
RE: PWN to OWN at CanSecWest Mar 29 2007 12:02PM
Don Rhodes (drhodes mail colgate edu) (1 replies)
Re: PWN to OWN at CanSecWest Mar 29 2007 04:31PM
Dave Schroeder (das doit wisc edu) (2 replies)
Re: PWN to OWN at CanSecWest Mar 29 2007 09:53PM
Dragos Ruiu (dr kyx net) (1 replies)
Re: PWN to OWN at CanSecWest Mar 29 2007 10:10PM
Dave Schroeder (das doit wisc edu)
Re: PWN to OWN at CanSecWest Mar 29 2007 09:40PM
matthew patton (pattonme yahoo com) (2 replies)
Re: PWN to OWN at CanSecWest Mar 30 2007 12:33PM
Jeramey Valley (ValleyJR mps k12 mi us)
Re: PWN to OWN at CanSecWest Mar 29 2007 10:49PM
Eric Hall (securityfocus darkart com) (1 replies)
Re: PWN to OWN at CanSecWest Mar 29 2007 10:00PM
John Smith (genericjohnsmith gmail com)

On Mar 29, 2007, at 10:49 PM, Eric Hall wrote:

> On Thu, Mar 29, 2007 at 02:40:06PM -0700, matthew patton wrote:
>>> goes on. Certainly there could be a vulnerability in a service that
>>> ships with Mac OS X. Personally, I have my eye on Bonjour,
>>> especially
>>> since mDNSResponder runs as root...
>>
>> and disabling the cursed thing is not especially easy and impossible
>> for the typical home user. If I want to be lazy and "discover local
>> printers" I'd prefer to click on such a button that enables the
>> service
>> for 10 minutes and then shuts the &#(@ing thing down.
>>
>> I find it exceedingly annoying that some capabilities have to be
>> killed
>> thru hand mangling of .xml files, or editing system config files or
>> using the control panel. If you're going to have a GUI to control
>> services, then by gosh that GUI had better handle EVERY service! It's
>> OK to have an "expert" button that deals with the more essoteric
>> stuff,
>> lest the lusers have to expend too many brain cells.
>>
>
> 'launchctl' can be used to control mDNSResponder in Tiger.
> Its not the easiest, but it is better than "hand mangling of .xml
> files"
> and such.

Google "disable bonjour" and you will *almost* have the exact command
to simply shut it down. The correct one is:

sudo launchctl unload -w /System/Library/LaunchDaemons/
com.apple.mDNSResponder.plist

I always turn it off on all my machines until I need it for whatever
reason, and I agree that there should be a central point of enabling/
disabling for all things on your machine (by forcing applications to
register their use with the local mDNS daemon or something, so that
applications can be overridden).

See this, predating Mr. Beale's interest in the security implications
of Bonjour...1 packet OSX fingerprinting which bypasses the firewall
for all!
http://lists.apple.com/archives/bonjour-dev/2005/Dec/msg00012.html

(parenthetically, you don't even want to know how ridiculous Bonjour
is on CMU's network, where the entire campus wide wireless network is
bridged at the link level ;) Bonjour exploits seem like they would be
of limited pwnage until you see like 200+ people on bonjour, and
getting on the wireless is only a MAC spoof away...that said, Bonjour
is open source, so either there are no 'sploits or people are hella
lazy (in my case, the latter))

John

>
> I like the idea of an 'expert' or 'advanced' button that would
> provide controls for things like mDNSResponder.
>
>
>
> -eric
>

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus