suidguard's People

Contributors

bef

suidguard's Issues

How to uninstall?

How can I see if the package is loaded after reboot? And how can it be uninstalled if Apple fixes the security hole themselves?

Uninstalling SUIDGuard

How would one go about uninstalling or reverting the changes made by the installer versions of SUIDGuard? Wondering if it would cause issues in future OSX updates and also if some other official patch may be released.

&& ((va.va_uid == 0) || (va.va_gid == 0)) seems too narrow. (Abusing DYLD to cross trust boundaries still possible!)

SUIDGuard.c:104:

    /* now check if this is a SUID/SGID root binary */
    if ((va.va_mode & (VSUID|VSGID)) && ((va.va_uid == 0) || (va.va_gid == 0))) {
        ...
            printf("SUIDGuard: found and neutralized DYLD_ environment variable for SUID/SGID root binary\n");

This makes the implicit assumption that the only trust boundary that matters is that between not-root and root. I assert that this is not a valid assumption.

There are many systems which have suid binaries owned by other users, for which arbitrary file writing is still a very powerful unexpected capability!

Unfortunately I can't test without the check for {u,g}id == 0 to see if anything breaks (which I highly doubt) unless I disable kext signing completely (which I haven't done) since you can't seem to use self-signed kexts and I'm not part of the Apple developer program thing.

Am I missing something?
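
An audit sketch for the point raised in this issue, added here as an example (not code from SUIDGuard or from the issue author): it applies the quoted predicate to the files in one directory and lists the set-id files that a root-only check would skip. The names `classify` and `count_nonroot_setid` and the default directory `/usr/bin` are assumptions.

```c
#include <dirent.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

enum setid_class { NOT_SETID, SETID_ROOT, SETID_NONROOT };

/* Mirrors the predicate quoted from SUIDGuard.c; S_ISUID/S_ISGID stand in
 * for the kernel's VSUID/VSGID (assumption for this userland sketch). */
enum setid_class classify(mode_t mode, uid_t uid, gid_t gid)
{
    if (!(mode & (S_ISUID | S_ISGID)))
        return NOT_SETID;
    if (uid == 0 || gid == 0)
        return SETID_ROOT;        /* the case the quoted check handles */
    return SETID_NONROOT;         /* set-id, but skipped by the quoted check */
}

/* Scan one directory (non-recursive); print and count regular files that are
 * set-id but not root-owned. Returns -1 if the directory cannot be opened. */
int count_nonroot_setid(const char *dir)
{
    DIR *d = opendir(dir);
    struct dirent *e;
    int n = 0;
    if (!d)
        return -1;
    while ((e = readdir(d)) != NULL) {
        char path[4096];
        struct stat st;
        int len = snprintf(path, sizeof path, "%s/%s", dir, e->d_name);
        if (len < 0 || len >= (int)sizeof path)
            continue;             /* unusable path, skip */
        if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode))
            continue;             /* lstat: never follow symlinks */
        if (classify(st.st_mode, st.st_uid, st.st_gid) != SETID_NONROOT)
            continue;
        printf("%s mode=%04o uid=%u gid=%u\n", path,
               (unsigned)(st.st_mode & 07777), (unsigned)st.st_uid, (unsigned)st.st_gid);
        n++;
    }
    closedir(d);
    return n;
}

int main(int argc, char **argv)
{
    return count_nonroot_setid(argc > 1 ? argv[1] : "/usr/bin") < 0;
}
```
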

SUIDGuard crashes on 10.11.4 on boot

There's a brief message about a sigkill on launchd.

Here are the steps to fix:

  1. Boot to Recovery Mode by holding Command+R
  2. If and only if you have FileVault: Open Disk Utility, select your HD partition, and choose File->Unlock
  3. Open Terminal and type (replace Macintosh HD with the name of your hard drive):
    • cd "/Volumes/Macintosh HD/Library/Extensions"
    • rm -r SUIDGuard.kext
    • touch .
  4. Reboot and your computer should work again; however, SUIDGuard will be removed.

Saved Application State issue

Seeing an oddity in 10.9.5/10.10.x with 1.0.6.

If ~/Library/Preferences/com.apple.loginwindow.* dictates an application should be re-opened (not to be confused with SysPref>Users>User>LoginItems, which will open an app, but doesn't care about its saved-state) after restart, then that app loading will crash the entire system (hard, no mouse/keyboard - hard reset required).

Clearing ~/Library/Preferences/com.apple.loginwindow.* and ~/Library/Saved\ Application\ State after kext installation, but prior to restart, also doesn't work, as opening an app to resume it still crashes it out.

Amused that the app state is persistent beyond ~/Library/Saved\ Application\ State and also that the kext is doing this (yes, booting from recovery or a bootable USB and then removing the kext and going back into the user's env, works just fine).

Terminal error when installing this package

I have just installed this package on my computer, and my computer automatically dumps and hangs when I open Terminal or other apps which use sudo. Although I restarted my computer, it still hangs when I open Terminal.
My computer has Mac 10.9 installed.
Please help me!

SUIDGuard prevents some apps from starting

It took me a while to discover that games like Flatout2 or DirtShowdown won't start anymore.

Message:
kernel[0]: SUIDGuard: disallowed execution of binary without a __PAGEZERO segment

Is this a problem of the games or of SUIDGuard?

The support says the following:
"Due to how our eON technology works, this is normal - the zeropage simply becomes part of our EON_RESERVE segment. All of our games are built in this manner.
This is not a bug in our code, rather it is an assumption by the author of suidguard which happens to clash."

kext signing security

Is this kext signed, and if not, do you recommend disabling kext signing security to install it?
