[kismac] Re: suid off

  • From: Robin L Darroch <robin@xxxxxxxxxxxxx>
  • To: kismac@xxxxxxxxxxxxx
  • Date: Fri, 29 Apr 2005 06:45:09 +0800

Thanks to everyone for all the feedback on this - the clarification that it is just scripts which are not allowed SETUID in other Unix implementations (and now Mac OS X) makes more sense.

To be honest, I don't see this as a problem. So you have to type in your admin password when you go to start doing WiFi sniffing/scanning in passive mode -- big deal.

Active mode doesn't require an admin password, and you shouldn't be doing this sort of stuff if you're not capable of doing administrative tasks on the machine -- mucking about replacing the standard system-provided device drivers with customized third-party drivers is not for the faint-of-heart.

Agreed on both counts... were I driving around with a deployed Unix server. :) As is always the case, it's up to the administrator to determine an appropriate balance between convenience and security. Apple are quite right to go with other Unix implementations in now choosing the more secure option by default - and thanks to the command posted earlier for turning SETUID scripts back on, I can make (and live with) the decision to choose the more convenient option instead.

Thanks again!

 Robin L. Darroch - PO Box 2715, South Hedland WA 6722 - +61 421 503 966
      robin@xxxxxxxxxxxxx - robin@xxxxxxxxxxx - robin@xxxxxxxxxxxxx

Other related posts: