Just like buffer overflow bugs are impossible can be eliminated by using a memory safe language, bugs like this recent OS X privilege escalation can be eliminated by using object capabilities. What makes this particular OS X bug interesting is that it is the very same bug from a 1977 Unix-like system described in the first paper on the confused deputy problem.
2 comments on original post
DYLD_PRINT_TO_FILE: This is a path to a (writable) file. Normally, the dynamic linker writes all logging output (triggered by DYLD_PRINT_* settings) to file descriptor 2 (which is usually stderr). But this setting causes the dynamic linker to write logging output to the specified file.
Add a comment...