NO RESTRICTIONS
         _____________________________________________________
	      The Computer Incident Advisory Capability
                          ___  __ __    _     ___
                         /       |     / \   /
                         \___  __|__  /___\  \___
         _____________________________________________________
                          Information Bulletin

	       Security Issues with Macintosh System 7

September 18, 1991, 930 PDT	 			Number B-42

  Critical Information about Security Issues with Macintosh System 7
---------------------------------------------------------------------------- 
PROBLEM:  Several security issues exist with Macintosh System 7
PLATFORM: Macintosh System 7 Operating System
DAMAGE:   Potential for unauthorized modification/misuse of all files
SOLUTIONS:   User education of issues involved
---------------------------------------------------------------------------- 


CIAC has been working with Apple, Inc, to identify areas of security
concern within the Macintosh System 7 Operating System.  The default
installation provides very good security in general. However, user
customization raises several security issues.

System 7 allows an individual Macintosh to provide network access to
the local file system ("File Sharing").  When file sharing is enabled
all files within shared folders are accessible over the network.
Thus, users should be aware of what is available to others.  Control
over file sharing is provided through the utilities of "Sharing Setup"
and "Users & Groups", by default located in the Control Panel, and
through the "Sharing..." dialogue located in the File menu of the
Finder.  Each of these is discussed below.

Sharing Setup

To start file sharing on a Macintosh, the "Sharing Setup" control
panel device is utilized.  Once file sharing is turned on by selecting
the "start" button, the entire network has access to the machine with
no capability to deny access to a particular host.

Users & Groups

Access Control is defined using the "Users & Groups" control panel
device.  There are two users defined when file sharing is initially
activated: the Owner and <Guest>.  The Owner had been previously
defined when "Sharing Setup" was first initiated.  By default, <Guest>
is given the same privileges as the Owner.  Passwords are unavailable
to <Guest>.  If sharing access to a disk volume is allowed through the
use of the "Sharing..." dialogue (see below) this default access will
allow anyone on the network to have total access to that disk volume
by simply selecting your machine.  CIAC recommends disallowing guest
access by opening the <Guest> icon and de-selecting "Allow Guests to
Connect".

When first created, a new user has by default no password; a password
can be given by choosing the user, then inserting a password in the
appropriate box.

Sharing...

The final step to file sharing using System 7 is to select a volume to
share, then select "Sharing..." from the File menu, and check the box
entitled "Share this item and it's contents".  At this point, all
folders and files become available to use by anyone who has access to
your Macintosh, as defined in "Users & Groups" above.  The default
access is Everyone has the ability to See Files, See Folders and Make
Changes.  CIAC recommends removing all access to Everyone and
User/Group immediately, by ensuring the six boxes for Everyone and
User/Group are not selected.  Also, to remove access to current
folders on the shared item, CIAC recommends clicking the box "Make all
currently enclosed folders like this one".  This will protect all
current folders residing in the shared volume.  At this point, access
to folders can be given on a case-by-case basis for each user or
group.

Note: if you have turned on sharing for a volume, then configured your
system, and for some reason turn OFF sharing for that volume, the
configuration for the volume and all items dependent on the volume are
reset to the initial default protections as described above.

Miscellaneous

Since the Macintosh does not have any advanced control of password
creation, any password (including no password) would be accepted as
adequate; thus users should be aware of proper password creation
techniques.  No aging of access controls is possible; therefore an
account set up for temporary access, then forgotten, can remain open
for long periods of time without being noticed.  Advanced security
features, such as auditing, password aging, password filtering, and
host authentication are not present.  All the vulnerabilities of
TCP/IP and Appleshare exist since they are also available.  Physical
security of the machine is an important issue since no local user
authentication exists; therefore anyone can walk up to a machine and
modify the sharing setup, add a user, etc. and unless the owner is
very diligent this change can remain undetected.

For additional information or assistance, please contact CIAC:

Karyn Pichnarczyk	   or 	Tom Longstaff
(510) 422-1779 **	    	(510) 423-4416 **

Send e-mail to ciac@llnl.gov or call CIAC at (510) 422-8193 **
FAX messages to:  (510) 423-8002 **
** note new area code 510 replaces 415

Neither the United States Government nor the University of California
nor any of their employees, makes any warranty, expressed or implied,
or assumes any legal liability or responsibility for the accuracy,
completeness, or usefulness of any information, product, or process
disclosed, or represents that its use would not infringe privately
owned rights.  Reference herein to any specific commercial products,
process, or service by trade name, trademark manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation, or favoring by the United States Government or the
University of California.  The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government nor the University of California, and shall not be used for
advertising or product endorsement purposes.