The productivity suite incorrectly assigns ownership of some files, creating an opportunity for security problemsJoel Bruner, a Chicago-based Mac consultant, was the first to notice the ownership snafu. "[Microsoft] moved to Apple's Package Maker (.pkg) installer files, good news for the enterprise, [but] unfortunately, they've created all the packages to install most all of the files with the owner set to 502."
In a shop where employees run with limited privileges -- a practice very common in an enterprise -- and IT is the only user with full administrative rights, Office 2008's ownership assignment means that a user who wasn't supposed to have complete control over those files actually does. In other words, whomever is assigned user ID 502 has full read/write access to Office's files.
"So let's say, Mr. IT installs this on a user's machine where the first user is the admin[istrator] (501) and the standard user is Joe User (502)," said Bruner in a post to his blog on Monday. "Well, when after all's installed, it will give Joe User (502) ownership of these folders and their installed contents:
/Library/Automator/ (if it doesn't exist already)
/Library/Fonts/Microsoft
/Library/Application Support/Microsoft
/Applications/Microsoft Office 2008"
The screw-up could present a corporate security problem, at least internally, said Bruner, if that Mac's second, standard user -- user 502 -- decides to make changes to the folders and files by, say, deleting some or moving others.
--
http://www.infoworld.com/archives/emailPri...08-snafu_1.html 
