undefined | Better HN

0 pointsmichaelmcmillan8y ago0 comments

I think it is safe to assume that complexity is highly correlated with number of lines of code. And with complexity grows bugs.

On the surface, this particular exploit on macOS seems to be caused by a totally unrelated subsystem (security vs. GUI).

0 comments

mikeash8y ago

I don't see any evidence that this exploit is related to the GUI at all. The GUI just happens to be the easiest way to do it. Other commenters have mentioned that you can use the exploit with `su`.

In any case, in a desktop system you shove everything together and then try to modularize it with good design and weak tools like UNIX processes. In a car, the safety-critical systems are literally running on separate hardware with limited communication over a specialized data bus. Of course it's still possible for them to have bugs or even exploits, but the complexity of the infotainment system is irrelevant, aside from making it a potential jumping-off point for using an exploit in the safety-critical systems.

Counting the infotainment system here makes about as much sense as counting the number of lines in Windows when talking about a Mac vulnerability because a Windows machine could be used to launch an attack.

michaelmcmillanOP8y ago

"Apple root bug appears to be triggered only by logins coming from com.apple.loginwindow. Running "su" with a blank password won't get you a root shell." [1]

As for your subsystem argument, explain this: https://www.youtube.com/watch?v=OobLb1McxnI&feature=youtu.be...

[1] https://twitter.com/0xAmit/status/935609423485169664

mikeash8y ago

There are a bunch of replies to that tweet saying that it does work, you just have to do it a certain way.

That video is explained by using the infotainment systems as a bridge, exactly as I described in my previous comment.

Dylan168078y ago

> I think it is safe to assume that complexity is highly correlated with number of lines of code. And with complexity grows bugs.

But it's still wrong to focus on total complexity. You want to look at the complexity of the relevant system.

michaelmcmillanOP8y ago

Not so sure: "Apple root bug appears to be triggered only by logins coming from com.apple.loginwindow. Running "su" with a blank password won't get you a root shell." https://twitter.com/0xAmit/status/935609423485169664

Dylan168078y ago

You can't blame com.apple.loginwindow for that. The security boundary is at the login processing. If it processes requests differently from certain systems then it's misbehaving. If we wanted to make this secure we would only need to carefully craft it, and even if com.apple.loginwindow was the most complex heap of bugs in the world it wouldn't matter.

1 more reply

j / k navigate · click thread line to collapse

0 comments

mikeash8y ago

I don't see any evidence that this exploit is related to the GUI at all. The GUI just happens to be the easiest way to do it. Other commenters have mentioned that you can use the exploit with `su`.

michaelmcmillanOP8y ago

"Apple root bug appears to be triggered only by logins coming from com.apple.loginwindow. Running "su" with a blank password won't get you a root shell." [1]

As for your subsystem argument, explain this: https://www.youtube.com/watch?v=OobLb1McxnI&feature=youtu.be...

[1] https://twitter.com/0xAmit/status/935609423485169664

mikeash8y ago

There are a bunch of replies to that tweet saying that it does work, you just have to do it a certain way.

That video is explained by using the infotainment systems as a bridge, exactly as I described in my previous comment.

Dylan168078y ago

> I think it is safe to assume that complexity is highly correlated with number of lines of code. And with complexity grows bugs.

But it's still wrong to focus on total complexity. You want to look at the complexity of the relevant system.

michaelmcmillanOP8y ago

Dylan168078y ago

1 more reply

j / k navigate · click thread line to collapse