
HUGE Security hole



If you're logged out & Retrospect starts, you'll see the Apple Menu on the login screen. From here, you can select System Preferences & change user names & passwords & also change regular users to admin users. You can even delete users. You could also change the startup disk & basically bypass any security that logins would normally provide. The only account you cannot change here is the Root account. This is a huge problem. I hope that Dantz has a fix for this quickly. Perhaps having the background process run without a GUI would be a solution.


As noted, the Mac OS X security model includes the ability to lock preference panes out to non-administrator users.

Plus, it takes an administrator password just to _launch_ Retrospect. So a casual user cannot set up a script in order to take advantage of this situation.

A Retrospect administrator who wants preference security should lock down the settings and sleep soundly.

Dave


In OS X, normally preferences such as startup disk & users are locked for non-admin users. The problem is that since the Retrospect application runs with admin privileges, it's as though it has logged in, so you can still access the privileges. Although I can lock the prefs myself for further security, it doesn't negate the security problem that is there.


I checked to see if locking the preference panels & then logging out would actually lock them. It doesn't. I was still able to go in & change everything once Retrospect started & brought up the Apple menu. Locking the preference pane only locks it for the current login session. Logging in with the same user that had locked the system prefs, & then opening them, shows them unlocked. The use of locking them is if you don't want to log out, but don't want anyone who might approach your machine to change settings. Although you can have some login security by using the screen saver lockout. Also, if I log in with the Retrospect window open, the application continues running, but I get an authentication box with root filled in as the user. I believe Retrospect needs to run as root in order to be able to restore with full privileges. So, it seems as though this security hole is more than just admin rights, it's root privileges!
