Microsoft promises fix for Office 2008 installation issues

A pair of installation-related problems involving the new release of Microsoft's Office 2008 won't cause damage to your data or prevent the productivity suite from running. But the issues, discovered by a user, pose potential security and administrative headaches. Microsoft is vowing fixes for both.

Issue No. 1: UID 502

Office 2008's installation problems first came to light thanks to Mac user Joel Bruner, who noted both issues in posts on his blog earlier this week. The first issue relates to file ownership, and requires some basic understanding of user accounts and installations in Mac OS X.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

A pair of installation-related problems involving the new release of Microsoft's Office 2008 won't cause damage to your data or prevent the productivity suite from running. But the issues, discovered by a user, pose potential security and administrative headaches. Microsoft is vowing fixes for both.

Issue No. 1: UID 502

Office 2008's installation problems first came to light thanks to Mac user Joel Bruner, who noted both issues in posts on his blog earlier this week. The first issue relates to file ownership, and requires some basic understanding of user accounts and installations in Mac OS X.

Every user account on your Mac has an associated user ID number (UID); Mac OS X uses these UIDs, rather than account names, to track which users have what access to various files and actions. When you initially set up your Mac, the first user account created is given UID 501 and has administrative access. The second account created gets UID 502 and whatever account status--admin, standard, or managed--the administrator gives the the account. The third user gets UID 503, and so on.

Normally, when you install software using Apple's Installer utility, each installed file is owned by either the system, by a specific user account as determined by the developer and laid out in the installation package, or by the user account performing the installation.

However, as Bruner pointed out in one blog entry, the Office 2008 installation doesn't do any of these things. Instead, the installation package installs almost all of its files--and their enclosing folders--with the owner set to user ID 502. This occurs regardless of which user account runs the installer, and regardless of the administrative status of UID 502.

If UID 502 is an administrative account on your Mac, this may not be an issue, as you've presumably given that account admin status for a reason. However, if you set up the second account on your Mac without administrative privileges, that account will still end up with free reign over all of Office's components, and thus the ability to delete or alter /Library/Fonts/Microsoft, /Library/Application Support/Microsoft, and /Applications/Microsoft Office 2008, as well as the contents of these folders. (The installation for the Special Media Edition of Office 2008 also creates the folder /Library/Automator if it didn't already exist, and gives UID 502 ownership of that folder, as well.) For instance, the user could replace a legitimate file with something else and even make that file executable (see below).

Similarly, if you've set up the second account on your Mac as a non-admin account for your own everyday use--ostensibly to prevent yourself from accidentally screwing things up--this "safety" account will have the power to delete or otherwise alter the Office 2008 installation.

Many users won't notice this situation, but it potentially poses a security issue, as it could provide a non-admin user the ability to modify files that would normally be accessible only to administrators.

For more Mac news, visit Macworld. Story copyright Mac Publishing, LLC.