The Worst Security Blunder I’ve Seen This Year

Apple just “fixed” CVE-2007-4703.

The “Set access for specific services and applications” setting for the Application Firewall allows any process running as user “root” (UID 0) to receive incoming connections, even if its executable is specifically added to the list of programs and its entry in the list is marked as “Block incoming connections”. This could result in the unexpected exposure of network services.

I am utterly speechless. Shouldn’t the firewall have been built by a security team? Not a bunch of monkeys smashing their keyboards with a femur then committing?

I’m not sorry if I’ve offended you. If you work for Apple, and the Firewall code passed through your hands, YOU DESERVE TO LOSE YOUR JOB.

Letting any root process listen no matter what is like a bank security guard letting nobody except ex-convicts in after hours. The history of Unix security from Robert Morris up to today is that a single chink in any root daemon’s armor means your entire system is laid bare to anyone who knows what Metasploit is. It is inconceivable to me that someone being paid to write security code in 2007 would turn off all firewalling for any root process—and make it impossible for users to specifically request it.
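As an added illustration (not from the original post and not Apple's tooling), here is a small audit that shows the gap the advisory describes: it parses `lsof -nP -i` output and reports root-owned listeners, including any whose entry is marked "Block incoming connections", since the firewall will not stop those. The lsof sample is constructed, and matching block-list entries by command name (rather than by the application path the firewall list actually uses) is an assumption.

```python
"""Audit for the gap in CVE-2007-4703: a root (UID 0) process on the Application
Firewall's "Block incoming connections" list keeps listening. Added example, not
Apple's code. The lsof sample is constructed; matching by COMMAND name is an assumption."""
import re
from typing import List, NamedTuple, Set

class Listener(NamedTuple):
    command: str
    pid: int
    user: str
    proto: str
    addr: str

# Constructed sample of `lsof -nP -i` output (not captured from a real host).
SAMPLE_LSOF = """\
COMMAND   PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
launchd     1  root    8u  IPv4 0x1234      0t0  TCP *:22 (LISTEN)
cupsd      45  root   10u  IPv4 0x1235      0t0  TCP 127.0.0.1:631 (LISTEN)
Skype    5012  alice   7u  IPv4 0x1236      0t0  TCP *:41234 (LISTEN)
Safari    600  alice  12u  IPv4 0x1237      0t0  TCP 10.0.0.5:49152->203.0.113.7:443 (ESTABLISHED)
ntpd       70  root    5u  IPv4 0x1238      0t0  UDP *:123
"""

# Columns: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME [(STATE)]
LINE_RE = re.compile(
    r"^(\S+)\s+(\d+)\s+(\S+)\s+\S+\s+\S+\s+\S+\s+\S+\s+(TCP|UDP)\s+(\S+)(?:\s+\((\w+)\))?")

def parse_listeners(text: str) -> List[Listener]:
    """Keep bound sockets only: TCP sockets in LISTEN state, or any bound UDP socket."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header line or a row in an unexpected layout
        cmd, pid, user, proto, addr, state = m.groups()
        if proto == "UDP" or state == "LISTEN":
            found.append(Listener(cmd, int(pid), user, proto, addr))
    return found

def root_listeners(listeners: List[Listener]) -> List[Listener]:
    """Every root-owned listener: none of these is filtered, whatever the rule says."""
    return [l for l in listeners if l.user == "root"]

def blocked_but_exposed(listeners: List[Listener], blocked: Set[str]) -> List[Listener]:
    """Entries marked 'Block incoming connections' that stay reachable because they run
    as root; the same entry running as a normal user would actually be blocked."""
    return [l for l in root_listeners(listeners) if l.command in blocked]
```

To run it against a live machine, pipe the real output of `lsof -nP -i` into `parse_listeners` and pass the names from your firewall's block list to `blocked_but_exposed`.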

There are those who say firewalls and network security are solving the wrong problem. At DefCon 15, Bruce Potter made the compelling argument that the right way to improve security is to fix the buggy code, and that “defense in depth” is just a band-aid. That may be, but for today, we still have buggy daemons, and sometimes we want to hide them from the world.

Again: I hope someone at Apple lost his or her goddamned career for this.

2 Responses to “The Worst Security Blunder I’ve Seen This Year”

  1. Brad Fults says:

    For what it’s worth I’d say the blame falls on the hiring personnel who brought on the “security” team who doesn’t know what security is and the managers who kept them. It isn’t a stupid programmer’s fault that his stupidity screws something up — it’s to be expected. Hiring and retaining stupid programmers for your world class operating system’s security team is, however, an inexcusable offense.

  2. Boughter says:

    This isn’t exactly where this should go, BUT I figured out (I think) why you broke my RSS feed and I’ve been failing at reading your blog for like, the last 5 months… You switched to whatever this is, TEXTPATTERN (?), and, maybe, the URL got changed? I dunno, but it’s fixed now. Continue as if nothing happened.
