Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Looking in /etc/auto_master, which is the configuration for Autofs, the /net mount point is commented out by default. I do not know when (or if) it was ever turned on by default.


Whether or not a default configuration is vulnerable is a pretty typical component of accessing a vulnerability’s severity.

Unfortunate that the author didn’t mention this.

Obviously this doesn’t excuse the bug, but it’s important to contextualize if we hope to compare relative impact and have frank discussions.


The default configuration was, in fact, vulnerable at the time. Having it be commented out by default is new.


The vulnerability: https://www.fcvl.net/vulnerabilities/macosx-gatekeeper-bypas...


I'm stilling running Mojave (10.14.x) and it is uncommented. The file dates to 2014 so I suspect it was set up with the original OS that came with this machine.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: