NeXTstep BuildDisk Vulnerability

Solution:
Change the permissions on the "BuildDisk" application
so that only root can execute it. This can be accomplished
with the command:

# chmod 4700 /NextApps/BuildDisk

To remove "BuildDisk" from the default icon dock for new
users, do the following:

1. Create a new user account using the UserManager application.
2. Log into the machine as that new user.
3. Remove the BuildDisk application from the Application Dock by
   dragging it out.
4. Log out of the new account and log back in as root.
5. Copy the file in ~newuser/.NeXT/.dock to /usr/template/user/.NeXT/.dock
   (where ~newuser is the home directory of the new user account).
6. Set the protections appropriately using the following command:

   # chmod 555 /usr/template/user/.NeXT/.dock

7. If you wish, with UserManager, remove the user account that you
   created in step 1.

In release 2.0, the BuildDisk application will prompt for the
root password if it is run by a normal user.
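
A check that both modes set above are in place, as an added example that is not part of the original advisory. It assumes a POSIX shell with ls -n, cut and awk, and that BuildDisk is owned by root (uid 0); the function names and the optional PREFIX argument are hypothetical.

```shell
#!/bin/sh
# Added example: verify the modes this advisory sets.
# Assumption: BuildDisk should be owned by root (uid 0).

# check_mode PATH PERMS UID  -- a UID of "-" skips the owner check.
check_mode() {
    path=$1 want_perms=$2 want_uid=$3
    if [ ! -e "$path" ]; then
        echo "MISSING $path"
        return 1
    fi
    line=$(ls -ldn "$path") || return 1
    # Characters 2-10 are the rwx triplets; this drops the file-type
    # character and any trailing ACL/label marker some systems append.
    got_perms=$(printf '%s\n' "$line" | cut -c2-10)
    got_uid=$(printf '%s\n' "$line" | awk '{print $3}')
    if [ "$got_perms" != "$want_perms" ]; then
        echo "FAIL    $path mode $got_perms, expected $want_perms"
        return 1
    fi
    if [ "$want_uid" != "-" ] && [ "$got_uid" != "$want_uid" ]; then
        echo "FAIL    $path owner uid $got_uid, expected $want_uid"
        return 1
    fi
    echo "OK      $path ($got_perms)"
}

# audit_builddisk PREFIX [UID]
# chmod 4700 shows as rws------ and chmod 555 as r-xr-xr-x in ls output.
audit_builddisk() {
    prefix=$1 owner_uid=${2:-0} rc=0
    check_mode "$prefix/NextApps/BuildDisk" rws------ "$owner_uid" || rc=1
    check_mode "$prefix/usr/template/user/.NeXT/.dock" r-xr-xr-x - || rc=1
    return $rc
}

# Run as: sh audit.sh audit [PREFIX] [UID]
if [ "${1:-}" = "audit" ]; then
    audit_builddisk "${2:-}" "${3:-0}"
fi
```

The exit status is non-zero if either file is missing or has a different mode, so the check can be run again after system software is reinstalled or upgraded.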



 

Copyright 2010, SecurityFocus