Files, directories, and devices that are writable by any user (“world-writable”) on a multi-user system can be locally exploitable security holes: every local account, and every process running under one, can modify them, so whatever later trusts their contents (a user, an installer, a daemon running as root) is at the mercy of the last writer. There are very few legitimate reasons for having world-writable files and directories on a system.
Many UNIX and Linux systems actually have cron jobs that check for world-writable files. On Apple’s OS X there is no such safeguard and many vendors do not seem to care about file permissions much at all. Several well-known applications are either installed with world-writable files or create them when used:
World-writable files in system directories
The following applications install world-writable files in shared directories (/Applications, /Library, …):
- Adobe CS 4, CS 5: Some uninstallers + several files and directories in /Library/Application Support + various stuff in other locations
- Adobe Media Player: directory + some files in Contents/Resources
- Adobe Flash Player: directories (including AddIns and AddIns/airappinstaller)
- Amazon MP3 Downloader: some directories
- EPSON (Scan, TWAIN data source, Easy Photo Print, …): pretty much everything, including executables
- Eye-One Match 3: complete app, including executable
- eMusic Download Manager: complete app, including executable and JavaScript (the application is based on Mozilla)
- Telltale games: complete apps including executable and libraries
- Apple OS X: some plist and cache files, including at least one LaunchDaemon plist file
- Google+Growl Utility (not a Google product): whole app including executable
- HP Scan Pro (plus supporting files): everything including executables
- DivX Converter: resource files
- Apple Remote Desktop: some plist files
- Apple GarageBand: several plist and data files
- Apple ColorSync: some profiles
- Microsoft Office 2011: directory in /Library/Application Support
- Elgato EyeTV: several plist files
- ABBYY FineReader Sprint 8.0: several data files
- ArcSoft (Connect Suite, MediaImpression 2): all files, including executables
- Extensis Suitcase Fusion 2: all files, including executables
World-writable files in user directories
The following applications install world-writable files in user directories (/Users/$USER):
- GoogleGrowl.plugin: whole plugin including executable
- 3rd-party extensions for Apple Safari: some extensions (e.g. AdBlock) install world-writable files
- Apple iPhoto: the whole library seems to be world-writable
- Adium add-ons: several add-ons install world-writable files
- eMusic Download Manager: some preferences files are world-writable
- Adobe (CS 4, CS5, Flash, …): several preferences files
- Apple MobileDevice: crash logs are world-writable
The lists have been compiled by inspecting my own systems and those of several friends by running

    sudo sh -c "find / -xdev -perm +o=w ! \( -type d -perm +o=t \) ! -type l -print0 | \
        xargs -0 ls -dl 2>&1 | \
        tee world-writable-files.txt"

and analyzing the output.
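The one-liner above is the whole audit. As an added example (not the post's own command, and run here against a constructed sample tree rather than a real system), the following POSIX sh script applies the same filter with portable octal modes, so it behaves identically under BSD find on OS X and GNU find elsewhere, classifies each hit by how it could be abused, and removes the other-write bit afterwards. Every application, file and path name in the sample tree is hypothetical.

```shell
#!/bin/sh
# Audit a tree for world-writable objects, classify the hits and optionally fix them.
# Added example (not the post's own command). Octal modes replace the BSD-only "+o=w"
# syntax so the same script runs under both BSD find (OS X) and GNU find.
# Exclusions match the post's command: sticky directories (/tmp-style, where anyone may
# write but only the owner may delete) and symlinks (their mode bits are meaningless;
# on Linux every symlink shows as lrwxrwxrwx and would otherwise be a false positive).

# Print one line per hit: "<kind> <mode> <path>". Kinds: dir, executable, plist, file.
audit_world_writable() {
    find "$1" -xdev -perm -0002 ! \( -type d -perm -1000 \) ! -type l -print |
    while IFS= read -r path; do
        if [ -d "$path" ]; then
            kind=dir                      # anyone can drop, rename or replace files inside
        elif [ -x "$path" ]; then
            kind=executable               # anyone can replace the code the next user runs
        else
            case "$path" in
                *.plist) kind=plist ;;    # launchd job definitions, preferences
                *)       kind=file ;;
            esac
        fi
        mode=$(ls -ld "$path" | cut -c1-10)   # mode column is portable across BSD and GNU ls
        printf '%s %s %s\n' "$kind" "$mode" "$path"
    done
}

# Number of hits below $1, written to stdout.
count_world_writable() {
    audit_world_writable "$1" | wc -l | tr -d ' '
}

# Remove the other-write bit from every hit below $1 (same filter as the audit).
fix_world_writable() {
    find "$1" -xdev -perm -0002 ! \( -type d -perm -1000 \) ! -type l -exec chmod o-w {} +
}

# Constructed sample tree mirroring the kinds of hits listed in the post; all names are
# hypothetical. Runs in a subshell so the umask change does not leak to the caller.
make_sample_tree() (
    base=$1
    umask 022
    mkdir -p "$base/Applications/Vendor.app/Contents/MacOS" \
             "$base/Library/LaunchDaemons" \
             "$base/Library/Application Support/Vendor" \
             "$base/tmp"
    printf '#!/bin/sh\necho vendor\n' > "$base/Applications/Vendor.app/Contents/MacOS/Vendor"
    chmod 777 "$base/Applications/Vendor.app/Contents/MacOS/Vendor"   # hit: executable
    : > "$base/Library/LaunchDaemons/com.vendor.helper.plist"
    chmod 666 "$base/Library/LaunchDaemons/com.vendor.helper.plist"   # hit: plist
    chmod 777 "$base/Library/Application Support/Vendor"               # hit: dir
    chmod 1777 "$base/tmp"                                             # sticky dir: excluded
    : > "$base/Library/Preferences.plist"
    chmod 644 "$base/Library/Preferences.plist"                        # not world-writable
    ln -s "$base/Library/Preferences.plist" "$base/Library/link"       # symlink: excluded
)

# Demo on the constructed tree. A real audit runs audit_world_writable / as root.
demo=$(mktemp -d)
make_sample_tree "$demo"
audit_world_writable "$demo"                                   # 3 lines: executable, plist, dir
fix_world_writable "$demo"
echo "remaining after fix: $(count_world_writable "$demo")"   # 0
rm -rf "$demo"
```

Run the audit as root when pointing it at `/`, otherwise directories you cannot enter are silently skipped. The two exclusions are not cosmetic: without `! -type l` the Linux run would list every symlink on the system, and without the sticky-bit exception `/tmp` and `/var/tmp` would show up although world-writability is exactly what they are for.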
Note that running Disk Utility’s “Repair Disk Permissions” has no effect on the issues described here: it only resets the permissions recorded in Apple’s installer receipts, which cover neither third-party applications nor files created at run time.
Most OS X installations are probably single-user systems in reality, but the situation is still ugly: anything that runs on the machine under any account, including a compromised network-facing service, can modify these files, and a world-writable executable or a world-writable LaunchDaemon plist (which launchd runs as root) turns that into local privilege escalation.