Muse Hub installer requires admin on macOS
Hi -- I'd like to know why the Muse Hub installer requires admin privileges on macOS. Why does it need them? What is done that I cannot do as a non-privileged user do? Thanks!
Do you still have an unanswered question? Please log in first to post your question.
Comments
See #339231: Muse Hub runs with excessive permissions on Linux (for Linux, but I guess Macs are similar in that respect)
@chris_st: Do you mean when you install it? Is it that it asks you for your admin password if you first start it? Or something else?
I do not see anything suspicious. But I may be wrong. Maybe a MacOS expert can comment?
https://musescore.org/en/node/337673#comment-1156564
In reply to Do you mean when you install… by user2442
When you first run it, it asks for admin credentials. Mac programs usually don't have an installer as such, you just drag the program to the directory of your choice, and run it.
In reply to When you first run it, it… by chris_st
(deleted)
In reply to That should be no cause for… by user2442
Hi jeroen2442 -- close, but no cigar :-)
You're referring to the normal message that pops up when you download an app -- for instance, I saw the message you describe with the "MuseScore 4" app itself. It only has "Allow" and "Cancel" type buttons.
For the "MuseHub" app, something different comes up, which is a dialog specifically stating that it wants to install a helper application, which needs admin privileges. This is what I was questioning, not the ordinary Apple "app downloaded from web" yes/no box.
I would like to know what that helper app does, and why the installer feels it needs to be there, and why it has to be an admin-installed app.
As @Jojo-Schmitz mentioned above, there is a similar thing that happens on the Linux version of MuseHub, where the same question has been raised.
In reply to Hi jeroen2442 -- close, but… by chris_st
Hi Chris,
This is worth getting to the bottom of...
What I see, and what I think you are referring to, is the attached dialog.
This is in Dutch. It says, basically, that Muse Hub wants to install a helper application and asks for my password for permission. I do not see that this helper application needs admin privileges.
When I consent, and then look for processes with Hub in their name, I see
jeroen 1233 0,0 0,0 34462808 6632 ?? Ss 2:08am 0:00.02 /Applications/Muse Hub.app/Contents/XPCServices/HelperInstaller.xpc/Contents/MacOS/HelperInstaller
jeroen 1232 0,0 0,2 35194716 83396 ?? S 2:08am 0:00.87 /Applications/Muse Hub.app/Contents/MacOS/Muse Hub
These processes run under my userid, so do not have admin privileges. There are no other processes running with as parent either of these processes.
So my guess is that the program Muse Hub wanted to install is indeed HelperInstaller, and that seems innocent enough.
Do you see something different on your computer?
In reply to Hi Chris, this is worth… by user2442
Hi Jeroen2442,
Yup, that's the dialog. The important difference here is who is asked to install the helper application.
For me, when I get a new computer, I always set up two users: the first is my full name, and (by default) is an admin user -- this user has more privileges and can do more stuff than an "ordinary" user. Next, I set up an ordinary user using the short form of my name.
Since I always log in as the ordinary user, I run everything I normally do without admin privileges. This is safer -- if there is an application that wants to do something bad, for example install a program to track every keystroke I make and send it to some website, it won't run because I am not an admin.
And, importantly, when I get the same dialog (except in English), it's asking (quoting exactly here): "Enter an administrator's name and password to allow this." Screenshot attached.
So this program must be installed by an admin. I'm guessing that since your account is the first/default one, you have admin privileges already, and so it doesn't mention this. I'm sure if I ran it as my admin user, the "Hub" programs you found would be running as that user, not my least-privileged user.
Yes, you're right, the "hub" programs you found are running as you -- with, I believe, admin privileges.
SO: Where did this whole discussion start? With me asking why this program needs to be installed with admin privileges, and what it does. I still want to know the answers to these questions! As mentioned above, there are substantial concerns as what was found in the Linux version of Muse Hub. I have those same concerns.
In reply to Hi Jeroen2442, Yup, that's… by chris_st
Hi Chris,
very astutely observed. I installed Muse Hub as admin, and the output from ps showed indeed it running as this user, thus with admin privileges. Not as bad as root, but still bad. Oops.
But all is not lost. When I logged on as plain user, the same output from ps showed that user as process owner, meaning that it ran with that user's privileges. This held for both MuseScore and Muse Hub.
I believe that, except when special flags are set on the executable, it always runs with the privileges of the user starting the program. Regardless of who owns the program.
So in the end I still believe that there is no cause for alarm. The program will do nothing that the user couldn't do otherwise.
To address your final question: I still believe that, on Mac at least, the program, once installed, has no special privileges. To install it, of course, you need to have administrative power.
Updated: since has become clear that there is also a service running as root. That opens up the whole problem again.
In reply to Hi Chris, very astutely… by user2442
Well, I have to politely disagree -- I'm glad the programs you found are running as you, but I wonder about other programs. And, I wonder about their ability to become an admin user... I know that can be done in some circumstances. I also wonder whether there are programs set up to run at (say) 2 in the morning, that won't show up in a current list of programs.
The other concern is if the Muse Hub servers get hacked, and an update is pushed with malware of some kind. In that case, we'd have admin-permission programs running and doing bad stuff. This has happened with other programs, it's not a theoretical issue.
However, if the Muse Hub programs never are run as admin users, then the "blast radius" is far more limited.
Again, the question isn't really "are these current programs bad", it's "Why do they insist on admin privileges"? It's evident from your analysis that some of them run as you, so... why do it at all? Why introduce these (serious!) security issues?
In reply to Hi Chris, this is worth… by user2442
I should add that there actually is another process which you can see if you filter process names by "muse" instead of "hub", and which indeed does run as a root. I see the following output running the
pscommand:where "dm" is me and "root" is apparently root, the privileged system user.
Moreover the "museservice" process does not stop when I exit Muse Hub:
So the situation here seems to be similar to what is reported for Linux (although I didn't try installing Muse Hub on Linux myself).
In reply to I should add that there… by dmitrio95
Thanks dmitrio95 -- appreciate the update and the info.
In reply to I should add that there… by dmitrio95
That helper service not stopping when quitting the Hub is a Windows issue as well.
In reply to That helper service not… by jeetee
But at least it stops bittorrent traffic on my Mac.
I looked into its behaviour, in particular regarding bittorrent port 6881:
In reply to I looked into the bittorrent… by user2442
I am convinced now that, regardless of possible bad intentions of the makers (which I do not believe for a moment) it would be better to do away with the service completely. There are good alternatives to give the user virtually the same experience without exposure.
For Linux an issue was created with severity Major on this: https://musescore.org/en/node/339231. Shouldn't there be one for MacOS as well? And for Windows, for that matter?
Linked to #339877: Muse Hub runs with excessive permissions on MacOS