On 10/27/07, Pietro Gagliardi <pietro10@mac.com> wrote:
OS X has root:
$ ls -ld /var
lrwxr-xr-x 1 root admin 11 Aug 11 2006 /var -> private/var
$ ls -l /private
total 0
drwxr-xr-x 107 root wheel 3638 Oct 2 21:25 etc
drwxr-xr-x 3 root wheel 102 Aug 1 2006 tftpboot
drwxrwxrwt 22 root wheel 748 Oct 27 18:23 tmp
drwxrwxrwt 4 root wheel 136 Mar 12 2007 tmp 2
drwxr-xr-x 26 root wheel 884 Oct 27 10:03 var
$ # run from Tiger
Oh and here's nice security: boot a Mac and hit Command+S while
booting (before the Apple logo/Happy Mac) and you're root. No
password required.
Yeah most operating systems have single user mode. If you can remotely boot my mac and hold Command-S, I'll start worrying about that one.
Find any linux box and boot with S on the kernel option line.
Solaris can have this done too.
By the way if you're that close to a mac why not boot it in target disk mode and just read all the data off the disk with a firewire cable?
Physical access == no security pretty much.
On Oct 27, 2007, at 6:20 PM, don bailey wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>> clearly, you're not getting an account on my machine.
>>
>
> This goes back to the typical MacOSX argument:
> "If I have MacOSX laptop and you compromise my local
> account, it doesn't matter because you haven't
> gotten root, right?"
>
> Of course, this isn't true because all your data is owned
> by your user credentials. If someone compromises a single
> user laptop they don't need root or any other super user
> semantic. Being you compromises all the information
> necessary to hurt you: banking information, SSN, credit
> card info, e-mail logins, locally stored files, etc...
>
> I'd say that's enough of a problem. Even Plan 9's well
> designed authentication domains don't properly mitigate
> the issue of the local account being compromised.
>
> D
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iD8DBQFHI7mryWX0NBMJYAcRAmSjAKCWXuQeAO7mTXKlwChpRYb1BDV0eQCeJn2t
> 1gCP7bJWlAofxI4Ta4oZeig=
> =f3q/
> -----END PGP SIGNATURE-----