The Washington Post says Parallels is bad...

That's true, and that's a concern for people who are expecting Parallels to provide protection from Windows malware. However the visibility of /tmp and /var/tmp shouldn't be that great a problem, since they're not in your path and software is already supposed to treat them as "untrusted"[1]. I would hope I could trust Parallels as much as I would trust any other unprivileged application for which I don't have source[2].

[1] Yes, I know a lot of recent software assumes that it's running single user, but Mac software tends to use ~/Library/Caches and traditional UNIX software grew up in a more hostile environment. When I was at college we had thousands of undergrads sharing the same PDP-11/70s using BSD and there were surprisingly few interesting incidents... though I happened to cause one myself when I discovered that one version of "write" was setuid root and didn't drop permissions when forking a shell. Oops.

[2] Which is probably not as far as most people.

 

I was the one who offered the rm -r */ example and it is quite dangerous. There was a time, for example, that Parallels installed a component of itself and left the permissions at "666". Hopefully that is a rare exception. However, there are enough user writeable things on the file system that such a command can be a disaster and any trivial UNC malware running in Windows can do just that. That is not, by far, the worst thing a malware can do.

As for this not being a significant exposure for most users - it would be more accurate to say it is the same exposer for all users, but not a concern to all users. There are people who do not care and there are others who would rather avoid this exposure. The greater concern is there are a lot of people who don't know about this and so don't have the luxury of making this choice.

 

Imagine a scenario where a Windows malware plants a binary or Perl script in /var/tmp. Most people won't know to look for changes there because that directory changes constantly. Now the malware edits or replaces your shell rc file and adds a line to execute that planted code the next time you run a shell script. Now you have a native process executing on your Mac that was installed by Windows malware and it can do anything you can do. Now let's say it copies your virtual machines to a remote site and the thief installs and runs them. They have your machine, your applications, and your data. Worst case is they find a password and decide to revisit your system. Now what?

Ok - to be practical: Is this possible? Yes. Is this probable? No. Feeling lucky?

 

Why would it do that when it can put it in "~/Library/Application Support/Some Random Dir/Some Name Helper", and it'll survive a reboot? It can even find a place where soem application will run it automatically without having to put anything in an RC file.

The point isn't that malware can't put Bad Things in /tmp, the point is that this doesn't increase your exposure to malware, and that your exposure is MUCH greater from ~/Library. That is, "/tmp is writable" is a red herring.

 

Is it possible that Parallels would consider giving this option a 'password required' option ?

This would ( in my ideal world ... ) firstly require an admin password to activate it at all . An admin password would be needed each time a file wanted to 'escape' from the Windows environment and onto the Mac file system . And an optional 'all access' password could be required ; for which a disclaimer had to be read , another entry of the admin password AND an activation code ( locked to the installation code for Parallels ) which needs to be requested from the Parallels website .

There would then be no accidental activation , and Parallels could argue that any accidents were no longer their responsibility - but down to the users foolishness .

Those that need the service ( after the initial application for the activation code ) could not be troubled by the constant password requests , light users would put up with the password requests for the occasional use ( I could use the facility to drag & drop PDF printouts ) and non technical users need not even turn it on .

 

Files in /var/tmp survive a boot and many people don't know how to deal with the ever changing contents there and so malware is easier to hide there. I don't know why that would be a red herring - it is just one suggestion among many that can be offered to make a point that Windows malware can plant malicious code in clever locations. This is possible only if the global share is enabled, and that is the source of the greater exposure. Try to put it in the context of the Parallels home page text that makes this claim:

"Parallels Desktop for Mac is the first solution that gives Apple users the ability to run Windows alongside Mac OS X in a secure, isolated virtual machine."

While it does have this ability that is not the default configuration and they offer no advice to the user that this is not going to be the case unless the user disables global sharing. This has surprised and alarmed a good number of new users. There is really little else to the matter.

 

There are probably a number of options that help reduce user concern. My favorite so far is what VMWare has done with the Fusion for Mac virtualizer - drag and drop without the global share. It may be that it is lacking capabilities that Parallels has solved with global share. I've not found any but I tend not to use drag and drop for much.

 

The "password required" dialog on OS X is not an approval dialog (do you want to do a dangerous thing), it's an authentication dialog (are you a person who is allowed to do this). Mixing up approval and authentication dialogs is a bad idea.

 

I was not aware that /var/tmp survived a reboot on OS X. It shouldn't have to: the only reason for /var/tmp is historical, and over my almost 30 years with UNIX[1] I've routinely set up /tmp so that after going multiuser it was simply a symlink to /var/tmp. On a system like OS X where they're on the same partition there's no reason the shouldn't be symlinked together all the time.

In the context of whether it makes a difference whether Parallels Desktop exposes "root" or just your files, it is. There are places in teh file system where it does make a difference, but /tmp isn't one of them. I'm objecting, here, to the traditional view that "/tmp" is a particularly dangerous thing to let people into. If it is, then there's something really wrong with your system configuration.

You'll note that I have agreed that the default should be NOT to expose anything outside the VM [2].

[1] During most of which I've been a network and system administrator for a bunch of PhD developers who wouldn't know security if it bit them on the ass. I don't know what's worse, a pointy haired boss or a PhD Fortran programmer with a C++ compiler.

[2] I would also argue that anyone surprised by insecure defaults in any product needs to get a bit more worried. Even Mac OS X has some design flaws that Apple's refusing to fix.

 

Yes there are a lot of very interesting possible "gateways" that are available. I will not post any of them, however, as I don't believe it really serves the general interest to post such info, esp in an open user forum like this. It would be like post details on how to build an IED so as to educate the general public in American about possible dangerous objects that can be found in Iraq.

There are far better places ad contexts in which to have such specifici discussions -- partially so as to increase security -- but perhaps that sentiment also reflects some of biases re: security and the nature of various OS.

 

^I don't mean to sound rude, but's it's not your place to dictate what people say / don't say.

Anybody with the knowledge and intent on creating said malware, will do so, regardless of what is said on these forums.

Cheers,
chrisj303

 

Ok - gotcha - but I've never condemned /tmp or /var/tmp or have a reason to. It just happens to be a convenient place to stuff things where the Mac Finder won't easily discover it. Unix without /tmp is pretty much useless. I don't think we have any disagreements, in fact.

 

OK, I won't post any of the dozens of links to detailed descriptions of IEDs that I found through google in the last minute and a half.

Back in 1987 I posted an article to Usenet describing a fictitious "malloc worm", to try and convince some people on the Amiga newsgroup that they were way too complacent about UNIX security. A week later the Internet Worm hit... and I have to say I was a mite concerned aboutthe timing, at least up to the point where it became obvious that there was no connection between myself and Robert Morris Junior, and no relationship between myhypothetical worm and the real one. I've since become convinced that it's always in the general public's best interest to understand how malicious software works than to try and hide it.

But as you're the senior here, and I'm the junior, I'll try and refrain from any further implicitly explicit explanations of where malware might hide.

Anyone who's running a "clean room" Windows box and is depending on the Finder to show him malware is in the wrong business. I shan't go into more detail, out of deference to drval, but you should be able to think of a few tricks.

 

You're about 10 posts away from being a "Senior". It just means you're chatty

 

Oh, Christ, I know that. For several months around 1990 I was the top poster on Usenet, once I was both #1 and #3 on two different accounts. And that included stuff posted by automatic posting software.

 

I'm just saying what my position is in terms of presenting "offensive" options. If I were software, this position would be listed under my Preferences item.

What others do is what others do and the nature of the beast is that we are sometimes presented with behavior and actions from others to which we must respond in order to maintain our own integrity. And those responses may well vary depending on the context.

 

I was certain you did The question does come up a lot in this and other BBS's that use this software. I recall one guy on another non-computer board feeling quite elated that the "BBS Gods deemed his contribution worthy of promotion". It just cracked me up.

 

I think you don't have a clue what you are talking about. Code execution isn't the issue, the issue is separating between a virtual machine and its host operating system. If i want to let windows programs mess with my osx install ill install wine (which wine even has things put in place to separate its self from the host os)

 

Mind sharing your security credentials and experience with the group. I mean you are attempting to pass yourself off as an expert in this arena. It is only fair you know..

 

I'm not really certain why this is particularly relevant to the ISSUES but FWIW, I've been involved with electronic computing environments since my undergraduate days at Georgetown University starting in 73. I've programmed in BASIC, FORTRAN, C, C++, Unix, Idris, Co-Idris, Pascal, LabVIEW, to name a few. I've worked on a number of different platforms over the years including PDPs, Wang, Sperry, IBM, Apple, Mac, again to name a few. I've been actively involved in supporting and developing very particular kinds of applications specifically in the DOS/Windows environment since 1990. This includes providing remote desktop maintenance and updating for deployed applications where confidentiality of information is mission critical.

Again, I'm not really certain why this is particularly relevant to the ISSUES. Having been involved with computing environments for quite some time now, I'm very familiar with the kind of "religious wars" that can erupt when discussing programming languages, OS choices, hardware decision, etc, etc, etc. I don't find such conversations helpful and that's especially true because some potential participants decide to NOT add in their questions, concerns, opinions and experiences because of how "hot" and presonalized the discussions can become.

I'm more comfortable with a certain approach to tghe use of Parallels than some others are. Keeping the discussions at THAT LEVEL makes it possible to both inform and address the relevant issues. Who I am personally is not especially germane IMO.