MacOS X software is commonly distributed in an installer package file which allows the user to easily add new programs to their system by double-clicking an icon and dragging a program to the folder where applications are stored. According to various sources, there is a problem with the MacOS X installer program. Six weeks ago, Apple knew that certain MacOS X installer packages could be set up to do things that only administrative users ought to be able to do such as adding a new admin-level account on a MacOS X system, changing the MacOS X kernel (briefly, the lowest-level part of an operating system), or alter any file you want altered, all without prompting most MacOS X users for a password.
“biovizier” said that has been on Apple’s plate for a while (all spelling in context):
Re: Installer priviliges
Posted: Jul 28, 2006 6:53 PM
I heard back from Apple, and the bug report has been marked a “duplicate”. A note sent in parallel to email@example.com received the response that the issue is “known” and is “being addressed”.
This means that the security issue dates back before six weeks and more than one person has reported this issue to Apple. As far as I know, Apple has not yet released a fix for this issue.
There’s even good reason to believe this has gone unaddressed because it was broken by design:
There exists a pretty significant interface problem with the Apple Installer program such that any package requesting admin access via the AdminAuthorization key, when run in an admin user account, is given full root-level access without providing the user with a password prompt during the install. This is even explained in Apple’s Installer documentation as proper behavior. The distinction between the AdminAuthorization and RootAuthorization keys is, simply, whether or not the admin user is prompted for a password; the end powers are exactly the same and it is up to the creator of the package as to if he will be kind enough to ask for a password.
Since many progressives insist on running proprietary MacOS X software, it’s worth asking: how’s your proprietor treating you?
The fact that security bugs exist isn’t the problem. Any sufficiently complex system, regardless of its licensing, has bugs and all programmers know this. That the security problems persist for months is a problem, but not the worst problem. Software is “soft” meaning that it can be changed, problems can be fixed, features can be added, programs can be improved.
The worst part of this problem is that with proprietary software, only the proprietor can fix this issue. Proprietors are monopolists. No matter how responsive the proprietor is, users cannot help themselves nor each other. Proprietary software holds users helpless and divided.
If users had software freedom, a free market could grow to provide support for the software. Many programmers could have worked on this issue and it is likely that at least one of them would have produced a fix well before Apple gets around to it (assuming they ever do). There are many motivations for 3rd party programmers to do just this and history has shown that people will often do significant programming work just for the recognition that comes with helping the community (a large part of MacOS X’s underlying OS is built and distributed on this principle). Proprietary systems effectively insulate the proprietor from the ravages of competition; their users have to choose between waiting for the proprietor to fix problems and ceasing to run the non-free software.
Perhaps now that this issue has received some more publicity (on Slashdot, probably Digg, and Mac Geekery) it will get the kind of attention that will change how installer software works. It should be noted that this is not a reliable way to motivate proprietors to do their freedom-denying work in a way that meets the user’s needs.