When upgrading your Mac from OS X 10.6.2 to 10.6.3, the user can allow the install to proceed without providing any admin-level credentials. This isn’t supposed to happen, as root-level activity appears to be taking place without explicit authorization. Apple supposedly corrected this bad behavior way back in 10.4.8.
Now, it seems to be back… and Apple’s using it. Rixstep dug deep and describes:
“That file .SoftwareUpdateAtLogout is owned by root:wheel and you are neither the one nor the other. And if you check the parent directory you’ll see it too is owned by root:wheel and nobody but root can get in there to modify anything.
“But you didn’t give the installer your password, did you? Leopard users still do but you didn’t, did you? No you didn’t.”
This problem with privilege escalation exists in Snow Leopard 10.6.2 for sure. It might exist in earlier versions of Snow Leopard as well. Mac OS X 10.5 appears to be operating correctly, though.
For me the question is: did Apple (re-)fix this bug with the 10.6.3 update that signaled the alert?