From: "David Leimbach" <leimy2k@gmail.com>
To: "Fans of the OS Plan 9 from Bell Labs" <9fans@cse.psu.edu>
Subject: Re: [9fans] security
Date: Sat, 27 Oct 2007 17:17:52 -0700 [thread overview]
Message-ID: <3e1162e60710271717i7d858e7fv80a33ca20f5b1091@mail.gmail.com> (raw)
In-Reply-To: <F5B7714B-66A5-442D-95A7-558768AF4AB8@mac.com>
[-- Attachment #1: Type: text/plain, Size: 2289 bytes --]
On 10/27/07, Pietro Gagliardi <pietro10@mac.com> wrote:
>
> OS X has root:
>
> $ ls -ld /var
> lrwxr-xr-x 1 root admin 11 Aug 11 2006 /var -> private/var
> $ ls -l /private
> total 0
> drwxr-xr-x 107 root wheel 3638 Oct 2 21:25 etc
> drwxr-xr-x 3 root wheel 102 Aug 1 2006 tftpboot
> drwxrwxrwt 22 root wheel 748 Oct 27 18:23 tmp
> drwxrwxrwt 4 root wheel 136 Mar 12 2007 tmp 2
> drwxr-xr-x 26 root wheel 884 Oct 27 10:03 var
> $ # run from Tiger
>
> Oh and here's nice security: boot a Mac and hit Command+S while
> booting (before the Apple logo/Happy Mac) and you're root. No
> password required.
Yeah most operating systems have single user mode. If you can remotely boot
my mac and hold Command-S, I'll start worrying about that one.
Find any linux box and boot with S on the kernel option line.
Solaris can have this done too.
By the way if you're that close to a mac why not boot it in target disk mode
and just read all the data off the disk with a firewire cable?
Physical access == no security pretty much.
On Oct 27, 2007, at 6:20 PM, don bailey wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> >> clearly, you're not getting an account on my machine.
> >>
> >
> > This goes back to the typical MacOSX argument:
> > "If I have MacOSX laptop and you compromise my local
> > account, it doesn't matter because you haven't
> > gotten root, right?"
> >
> > Of course, this isn't true because all your data is owned
> > by your user credentials. If someone compromises a single
> > user laptop they don't need root or any other super user
> > semantic. Being you compromises all the information
> > necessary to hurt you: banking information, SSN, credit
> > card info, e-mail logins, locally stored files, etc...
> >
> > I'd say that's enough of a problem. Even Plan 9's well
> > designed authentication domains don't properly mitigate
> > the issue of the local account being compromised.
> >
> > D
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.6 (GNU/Linux)
> >
> > iD8DBQFHI7mryWX0NBMJYAcRAmSjAKCWXuQeAO7mTXKlwChpRYb1BDV0eQCeJn2t
> > 1gCP7bJWlAofxI4Ta4oZeig=
> > =f3q/
> > -----END PGP SIGNATURE-----
>
>
[-- Attachment #2: Type: text/html, Size: 3572 bytes --]
next prev parent reply other threads:[~2007-10-28 0:17 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-10-26 22:38 [9fans] grap retarded?? Pietro Gagliardi
2007-10-26 23:17 ` geoff
2007-10-26 23:22 ` Pietro Gagliardi
2007-10-27 2:51 ` [9fans] detecting spam arisawa
2007-10-27 3:16 ` Pietro Gagliardi
2007-10-27 4:38 ` [9fans] security erik quanstrom
2007-10-27 9:03 ` roger peppe
2007-10-27 10:04 ` arisawa
2007-10-27 12:48 ` Uriel
2007-10-27 14:54 ` erik quanstrom
2007-10-27 17:19 ` Tim Newsham
2007-10-27 19:18 ` erik quanstrom
2007-10-27 22:20 ` don bailey
2007-10-27 22:25 ` Pietro Gagliardi
2007-10-27 22:33 ` don bailey
2007-10-28 0:17 ` David Leimbach [this message]
2007-10-28 6:00 ` Skip Tavakkolian
2007-10-28 6:06 ` john
2007-10-28 8:32 ` Joel C. Salomon
2007-10-28 20:53 ` Charles Forsyth
2007-10-27 23:40 ` Skip Tavakkolian
2007-10-28 6:11 ` don bailey
2007-10-28 6:30 ` Skip Tavakkolian
2007-10-28 6:42 ` don bailey
2007-10-28 7:28 ` Skip Tavakkolian
2007-10-28 12:53 ` Pietro Gagliardi
2007-10-28 15:52 ` don bailey
2007-10-28 15:51 ` don bailey
2007-10-28 15:59 ` Iruata Souza
2007-10-28 16:30 ` don bailey
2007-10-28 17:14 ` Iruata Souza
2007-10-28 17:22 ` Gabriel Diaz
2007-10-28 17:44 ` Pietro Gagliardi
2007-10-28 20:37 ` Charles Forsyth
2007-10-28 16:10 ` erik quanstrom
2007-10-28 16:26 ` don bailey
2007-10-28 18:30 ` Skip Tavakkolian
2007-10-28 18:43 ` Uriel
2007-10-28 18:58 ` Iruata Souza
2007-10-28 22:48 ` arisawa
2007-10-28 23:29 ` Pietro Gagliardi
2007-10-29 2:30 ` Skip Tavakkolian
2007-10-27 9:00 ` [9fans] detecting spam roger peppe
2007-10-27 13:16 ` Pietro Gagliardi
2007-10-27 13:41 ` erik quanstrom
2007-10-27 13:43 ` Pietro Gagliardi
2007-10-27 14:04 ` Martin Neubauer
2007-10-29 10:10 ` [9fans] grap retarded?? Douglas A. Gwyn
2007-10-29 18:43 ` Pietro Gagliardi
2007-10-29 10:10 ` Douglas A. Gwyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3e1162e60710271717i7d858e7fv80a33ca20f5b1091@mail.gmail.com \
--to=leimy2k@gmail.com \
--cc=9fans@cse.psu.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).