
Admittedly I don't know what that is and I don't know a lot about how applications on OSX get permissions. From reading that thread I posted I was under the impression that Dropbox stored the password because it was able to reinstate itself as an accessibility service as many times as it liked without having to ask for the admin password.

From reading, that wasn't supposed to be allowed. The only way that could work would be if Dropbox kept your password on file. In effect meaning that the dialogue you entered your admin password for wasn't a system modal - but rather a Dropbox modal imitating the system one.




> I was under the impression that Dropbox stored the password because it was able to reinstate itself as an accessibility service as many times as it liked without having to ask for the admin password

That is not necessary. A SUID binary owned by root runs with root's privileges. So, they only need the administrator's password once to install the SUID binaries. Afterwards, they have their own 'backdoor' to reinstate the accessibility settings, without needing an administrator password.

So, when they deny storing your password, it's probably true, they don't need it.

(If you are not convinced, write a small C program that executes a shell, compile it, make root the owner, set the SUID bit. You can be in a root shell without ever typing a password. This is why it is a good practice to have as few root-owned SUID binaries as possible.)


They used the initial admin access (via the 'fake' password prompt) to install a tool that has setuid 0.

Setuid 0 means that whoever executes the tool, it always runs as user 0 (aka root). That is what enables them to continuously re-add their bullshit into accessibility settings.

So they aren't storing a password, they're installing a program that has permanent unlimited (barring System Integrity Protection on newer versions) access.
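
Added example, not part of any comment in this thread: a shell function that lists root-owned setuid files missing from a recorded baseline, which is how a newly installed setuid helper of the kind described above would show up in an audit. The function name `audit_suid` and the baseline format (one absolute path per line) are assumptions made for this example.

```shell
# Added example: list setuid files owned by a given user (default root) that
# are not in a previously recorded baseline.
# Usage: audit_suid DIR BASELINE_FILE [OWNER]
#   DIR            directory tree to scan (for example / or /Applications)
#   BASELINE_FILE  one absolute path per line, recorded on a known-good system
#   OWNER          user name or numeric uid; defaults to root
audit_suid() {
    scan_root=$1
    baseline=$2
    owner=${3:-root}

    [ -d "$scan_root" ] || { echo "audit_suid: not a directory: $scan_root" >&2; return 2; }
    [ -r "$baseline" ]  || { echo "audit_suid: cannot read baseline: $baseline" >&2; return 2; }

    current=$(mktemp) || return 2
    known=$(mktemp) || { rm -f "$current"; return 2; }

    # -perm -4000 matches any file with the setuid bit set; -xdev keeps the
    # scan on one filesystem. find exits non-zero when it meets unreadable
    # directories, so that status is ignored and the partial listing is kept.
    { find "$scan_root" -xdev -type f -perm -4000 -user "$owner" 2>/dev/null || true; } \
        | LC_ALL=C sort -u > "$current"
    LC_ALL=C sort -u "$baseline" > "$known"

    # comm -13 prints lines found only in the second file:
    # setuid files that the baseline does not account for.
    LC_ALL=C comm -13 "$known" "$current"
    rm -f "$current" "$known"
}
```

Any path it prints is a setuid file that appeared after the baseline was taken and should be traced back to the installer that created it.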



