User Name
Password
AppleNova Forums » Genius Bar »

File Sharing and Screen Sharing on 10.5: Major Security Issues


Register Members List Calendar Search FAQ Posting Guidelines
File Sharing and Screen Sharing on 10.5: Major Security Issues
Thread Tools
remlemasi
Formerly “theelmerguy”
 
Join Date: Aug 2005
Location: Irvine, California
 
2008-04-06, 03:46

Here goes:

We have two Macs, 12" iBook G4 1.33Ghz and 20" iMac Core 2 Duo 2.0Ghz, both running 10.5.2.


From the iBook:

File Sharing: I see the iMac in sidebar in Finder. It automatically connects as "Guest." Only the public folder is accessible (I set it as read only for Guests). If I want write access to the entire iMac hard drive, I click "Connect As" and it prompts me to connect as a Guest (which I already am) or as a Registered User. I connect with the iMac's admin account and I can read and write to the entire iMac hard drive. If, at the prompt, I connect as Guest or click "Cancel", it will connect me as a Guest again. If, while connected as the admin, I clicked "Disconnect" it will automatically reconnect as Guest once again.

Screen sharing: I need to enter the iMac's admin account user name and password every time.

This how it should be.



From the iMac:

File Sharing: I see the iBook in the sidebar. It does not connect me as guest but automatically as the iBook's admin with full access the the iBook's hard drive. I click "Disconnect" it disconnects but does not reconnect me as a Guest and displays "Connection Failed." I then click "Connect As" and the prompt is different from the one above: It does not give an option to connect as Guest but only blanks for a Registered User name and password. If I fill it in with the appropriate values, I connect as the iBook's admin. Here's where it gets weird: If, at the prompt, I click "Cancel," it does not go back to "Connection Failed," but it connects me as the iBook's admin, giving full access to the iBook's hard drive!

Screen Sharing: It automatically connects to the iBook every time with no prompt for password.

This is obviously a security problem.

*Note that I had to enter the iBook's admin account name and password once (the first time) for screen sharing and I specifically recall leaving "Remember this password in my keychain" unchecked. I never had to do this for File Sharing as it automatically connected me as the iBook's admin. (I accessed screen sharing before file sharing)




I found this thread at macrumors.com documenting the screen sharing part of my problem, but it was never solved:
http://forums.macrumors.com/showthread.php?t=407574



I really hope you geniuses can help me with this issue.

Thanks.
  quote
remlemasi
Formerly “theelmerguy”
 
Join Date: Aug 2005
Location: Irvine, California
 
2008-04-08, 16:51

Anybody have a clue? I'd really appreciate some help.
  quote
Brad
Selfish Heathen
 
Join Date: May 2004
Location: Zone of Pain
 
2008-04-08, 17:39

I have an idea I'll try tonight and share the details.
  quote
remlemasi
Formerly “theelmerguy”
 
Join Date: Aug 2005
Location: Irvine, California
 
2008-04-08, 17:50

Quote:
Originally Posted by Brad View Post
I have an idea I'll try tonight and share the details.
Thanks, Brad.
  quote
Brad
Selfish Heathen
 
Join Date: May 2004
Location: Zone of Pain
 
2008-04-08, 18:17

Wow. That's crazy. I have the same issue where it auto-logins when I connect to the other Mac. I'll try narrowing down a cause and hopefully find a logical explanation.

The quality of this board depends on the quality of the posts. The only way to guarantee thoughtful, informative discussion is to write thoughtful, informative posts. AppleNova is not a real-time chat forum. You have time to compose messages and edit them before and after posting.
  quote
Brad
Selfish Heathen
 
Join Date: May 2004
Location: Zone of Pain
 
2008-04-08, 18:31

Question: do you have FileVault enabled on either of your Macs? Edit: Never mind, that doesn't seem to make a difference.

Also, initial test show that this is looking really, really bad.

The quality of this board depends on the quality of the posts. The only way to guarantee thoughtful, informative discussion is to write thoughtful, informative posts. AppleNova is not a real-time chat forum. You have time to compose messages and edit them before and after posting.
  quote
torifile
Less than Stellar Member
 
Join Date: May 2004
Location: Durham, NC
Send a message via AIM to torifile  
2008-04-08, 18:49

I get the same thing without the "connection failed" part. It does auto-connect me, so it makes sense that canceling the prompt would just connect me as my previous user.

What user are you connected as? I've got .mac, so I use my .mac email to connect so "Back to my mac" works.

How about this: launch Screen Sharing (the app, not from the button in the finder). In the application window, what do you see?
  quote
Brad
Selfish Heathen
 
Join Date: May 2004
Location: Zone of Pain
 
2008-04-08, 18:51

Some initial frightening findings:

It seems for me that once I connect from Mac A to Mac B with credentials for an admin user on Mac B, those credentials are preserved until I reboot Mac A. In this setup, Mac B has "Allow guests to connect to shared folders" and only "File Sharing" enabled. Both Macs are running 10.5.2. No Keychain entries exist on either Mac for the other.

Simple steps to reproduce:
  • Reboot Mac A for a "clean" setup.
  • Reboot Mac B for a "clean" setup.
  • On Mac A, connect to Mac B using the Finder sidebar. You should be connected as Guest.
  • On Mac A, click the "Connect as..." button and enter credentials for an admin user of Mac B.
  • Note that you have full access to Mac B from Mac A. This is expected.
  • On Mac A, click Disconnect.
  • Note that on Mac A, it *seems* that you disconnected and are now connected as Guest.
  • On Mac A, navigate somewhere else in the Finder and then click the sidebar share for Mac B.
  • Note that Mac A connects you to Mac B as the admin of Mac B without prompting for credentials. This is certainly not expected.
  • Click Disconnect.
  • Note that on Mac A, it *seems* that you disconnected and are now connected as Guest.
  • On Mac A, log out.
  • On Mac A, log in as the same user.
  • On Mac A, click the sidebar share for Mac B.
  • Note that Mac A connects you to Mac B as the admin of Mac B without prompting for credentials, even after logging out completely on Mac A!! This is certainly not expected.
  • On Mac A, click Disconnect.
  • Note that on Mac A, it *seems* that you disconnected and are now connected as Guest.
  • On Mac A, log out.
  • Reboot Mac B.
  • On Mac A, log in as the same user.
  • On Mac A, click the sidebar share for Mac B.
  • Note that Mac A connects you to Mac B as the admin of Mac B without prompting for credentials, even after logging out and rebooting Mac B!! This is certainly not expected.

WTF.

Only after rebooting Mac A does it lose the automatic admin login for Mac B.



This is somewhat baffling, but I'll continue to test and document my findings and try to find a way to clear the credentials without a full reboot of the client computer.

The quality of this board depends on the quality of the posts. The only way to guarantee thoughtful, informative discussion is to write thoughtful, informative posts. AppleNova is not a real-time chat forum. You have time to compose messages and edit them before and after posting.
  quote
Taskiss
Veteran Member
 
Join Date: Jul 2007
Location: St. Louis, MO
 
2008-04-08, 19:47

Seems (from reading this thread) to be some sort of cached authentication token. The question I have is - where is the token cached, in ram or on disk. I would be interested in seeing what would happen if sharing were just turned off then back on, but I've only got a single Mac.

real hackers don't use sigs
  quote
Brad
Selfish Heathen
 
Join Date: May 2004
Location: Zone of Pain
 
2008-04-08, 19:50

Turning sharing off on Mac B and back on makes no difference; Mac A still authenticates automatically.

Changing the user's password on Mac B also makes no difference; Mac A still authenticates automatically.


The quality of this board depends on the quality of the posts. The only way to guarantee thoughtful, informative discussion is to write thoughtful, informative posts. AppleNova is not a real-time chat forum. You have time to compose messages and edit them before and after posting.
  quote
Taskiss
Veteran Member
 
Join Date: Jul 2007
Location: St. Louis, MO
 
2008-04-08, 20:26

so... the client seems to be caching the token, I'm guessing the cache manager... do you actually have the rights? If you touch a file, are you the admin? I'm wondering if it's just the view thats cached or are you actually connected...

real hackers don't use sigs
  quote
torifile
Less than Stellar Member
 
Join Date: May 2004
Location: Durham, NC
Send a message via AIM to torifile  
2008-04-08, 20:32

I'm missing the big picture here. What's the problem with Mac A holding on to login info until it's rebooted? Mac B has nothing to do with it.

Here's an example: Does Safari (Mac A) care if Applenova's server's (Mac B) been rebooted since I last visited? Should it make me re-login if I click on a thread after AN's server reboot? No, and it shouldn't. So, what's the big deal?
  quote
jdcfsu
Veteran Member
 
Join Date: Jun 2006
Location: Florida
 
2008-04-08, 20:42

Quote:
Originally Posted by torifile View Post
Here's an example: Does Safari (Mac A) care if Applenova's server's (Mac B) been rebooted since I last visited? Should it make me re-login if I click on a thread after AN's server reboot? No, and it shouldn't. So, what's the big deal?
I'd agree with you, except for this:

Quote:
Originally Posted by Brad View Post
Changing the user's password on Mac B also makes no difference; Mac A still authenticates automatically.
Should I give login information to someone else for whatever reason, then they disconnect and I change my password, I should think that my system would now be safe... but it isn't so long as they don't reboot their system. Not that I'd give someone admin access to my system, but it doesn't seem right regardless.

90% of statistics can be made to say anything 50% of the time.
Website | Twitter
  quote
Brad
Selfish Heathen
 
Join Date: May 2004
Location: Zone of Pain
 
2008-04-08, 20:44

Quote:
Originally Posted by torifile View Post
I'm missing the big picture here. What's the problem with Mac A holding on to login info until it's rebooted?
The problem is that when you *explicitly* disconnect from Mac B, it should *not* reconnect you automatically and silently. What if you have multiple people using the same account on Mac A, but *not* the same account on Mac B? Again, since this works with admin accounts, anyone else can blow away Mac B even after you "disconnected" from it. It also probably wouldn't be difficult for a script to exploit this "feature" to wreak havoc on external systems to which you *thought* you weren't connected.

What is especially worrisome here is that it seems almost *impossible* to truly disconnect from a server in the Finder if you have authenticated just once.

To draw upon the AppleNova analogy that you mentioned, say you're logged into AppleNova and you click "Log Out". Does it seem sane for Safari to automatically log you back in to the forums as soon as you visit any page on AppleNova again, without any login prompt or confirmation at all?

The quality of this board depends on the quality of the posts. The only way to guarantee thoughtful, informative discussion is to write thoughtful, informative posts. AppleNova is not a real-time chat forum. You have time to compose messages and edit them before and after posting.
  quote
torifile
Less than Stellar Member
 
Join Date: May 2004
Location: Durham, NC
Send a message via AIM to torifile  
2008-04-08, 20:55

Ok. I just tried it again, clearing out my MBP's keychain of all passwords related to my iMac. Connected as an admin to my iMac. Disconnected. Navigated elsewhere in the Finder. Tried to connect again, and I was only connected as a guest.

So, it seems fine here.
  quote
Taskiss
Veteran Member
 
Join Date: Jul 2007
Location: St. Louis, MO
 
2008-04-08, 21:11

Quote:
Originally Posted by Brad View Post
What is especially worrisome here is that it seems almost *impossible* to truly disconnect from a server in the Finder if you have authenticated just once.
But, are you seeing a cached image (for wont of a better term) or are you actually reconnecting and getting the admin account authorization on the mounted volume?
  quote
Brad
Selfish Heathen
 
Join Date: May 2004
Location: Zone of Pain
 
2008-04-08, 21:14

Quote:
Originally Posted by Taskiss View Post
But, are you seeing a cached image (for wont of a better term) or are you actually reconnecting and getting the admin account authorization?
Full and live access. I can view, create, edit, and delete just fine.
  quote
Chinney
Veteran Member
 
Join Date: May 2004
Location: Ottawa, ON
 
2008-04-08, 21:58

I wonder if this is a 10.4 issue as well.

In any event, I certainly agree that it is just wrong in principle for an explicitly disconnected user to be able to connect again without authentication and also wrong as a matter of practical security. I do share user accounts with the kids in our family, but they do not have access to the admin side of things. If I am file sharing one machine and disconnect and leave the machine, I do not expect them to be able to get into the account without authentication. Its not an actual issue with my usage, since I never file share on the admin accounts, but it could very well be for others. I also wonder how further the hole might be exploited.

When there's an eel in the lake that's as long as a snake that's a moray.
  quote
torifile
Less than Stellar Member
 
Join Date: May 2004
Location: Durham, NC
Send a message via AIM to torifile  
2008-04-08, 22:02

Brad,

What happens if you turn sharing off entirely on Mac B, try to connect with Mac A and then turn it back on Mac B?
  quote
Brad
Selfish Heathen
 
Join Date: May 2004
Location: Zone of Pain
 
2008-04-08, 23:02

Quote:
Originally Posted by Chinney View Post
I wonder if this is a 10.4 issue as well.
I don't believe so. I only have one machine still running 10.4, but I'll give it a try later anyhow.

Quote:
Originally Posted by torifile View Post
What happens if you turn sharing off entirely on Mac B, try to connect with Mac A and then turn it back on Mac B?
Not sure. I'll try that later too.

The quality of this board depends on the quality of the posts. The only way to guarantee thoughtful, informative discussion is to write thoughtful, informative posts. AppleNova is not a real-time chat forum. You have time to compose messages and edit them before and after posting.
  quote
remlemasi
Formerly “theelmerguy”
 
Join Date: Aug 2005
Location: Irvine, California
 
2008-04-09, 00:25

Brad, thanks for looking into this. "Glad" to see I'm not the only one with the problem.

The funny thing is it's one way for me. The iMac unwantedly "stores" the login info for the iBook, but the iBook always asks for the iMac's login info just like it should. With your setup, does Mac B have the same issues connecting to Mac A?

Also, did you try the Screen Sharing issue? It's basically the same security flaw, but just wondering if you experienced it too.

Do you think Apple knows about this? Is there a way to let them know?
  quote
Posting Rules Navigation
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Post Reply

Forum Jump
Thread Tools
Similar Threads
Thread Thread Starter Forum Replies Last Post
Problem with File Sharing-Security and Sharing all Folders RickR10 Genius Bar 2 2008-02-06 01:00
Problem with File Sharing-Security and Sharing all Folders RickR10 Genius Bar 0 2008-02-03 05:30
Odd problem with sharing folders & screen sharing AubreyL Genius Bar 0 2008-01-28 01:25
VNC Client vs Leopard Screen Sharing digitaldave Genius Bar 2 2007-11-14 14:07


« Previous Thread | Next Thread »

All times are GMT -5. The time now is 02:10.


Powered by vBulletin®
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004 - 2024, AppleNova