On 10/27/07, Pietro Gagliardi wrote: > > OS X has root: > > $ ls -ld /var > lrwxr-xr-x 1 root admin 11 Aug 11 2006 /var -> private/var > $ ls -l /private > total 0 > drwxr-xr-x 107 root wheel 3638 Oct 2 21:25 etc > drwxr-xr-x 3 root wheel 102 Aug 1 2006 tftpboot > drwxrwxrwt 22 root wheel 748 Oct 27 18:23 tmp > drwxrwxrwt 4 root wheel 136 Mar 12 2007 tmp 2 > drwxr-xr-x 26 root wheel 884 Oct 27 10:03 var > $ # run from Tiger > > Oh and here's nice security: boot a Mac and hit Command+S while > booting (before the Apple logo/Happy Mac) and you're root. No > password required. Yeah most operating systems have single user mode. If you can remotely boot my mac and hold Command-S, I'll start worrying about that one. Find any linux box and boot with S on the kernel option line. Solaris can have this done too. By the way if you're that close to a mac why not boot it in target disk mode and just read all the data off the disk with a firewire cable? Physical access == no security pretty much. On Oct 27, 2007, at 6:20 PM, don bailey wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > >> clearly, you're not getting an account on my machine. > >> > > > > This goes back to the typical MacOSX argument: > > "If I have MacOSX laptop and you compromise my local > > account, it doesn't matter because you haven't > > gotten root, right?" > > > > Of course, this isn't true because all your data is owned > > by your user credentials. If someone compromises a single > > user laptop they don't need root or any other super user > > semantic. Being you compromises all the information > > necessary to hurt you: banking information, SSN, credit > > card info, e-mail logins, locally stored files, etc... > > > > I'd say that's enough of a problem. Even Plan 9's well > > designed authentication domains don't properly mitigate > > the issue of the local account being compromised. > > > > D > > > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.4.6 (GNU/Linux) > > > > iD8DBQFHI7mryWX0NBMJYAcRAmSjAKCWXuQeAO7mTXKlwChpRYb1BDV0eQCeJn2t > > 1gCP7bJWlAofxI4Ta4oZeig= > > =f3q/ > > -----END PGP SIGNATURE----- > >