From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <3e1162e60710271717i7d858e7fv80a33ca20f5b1091@mail.gmail.com> Date: Sat, 27 Oct 2007 17:17:52 -0700 From: "David Leimbach" To: "Fans of the OS Plan 9 from Bell Labs" <9fans@cse.psu.edu> Subject: Re: [9fans] security In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_6919_15264603.1193530672785" References: <4723B9AD.8090308@gmail.com> Topicbox-Message-UUID: dbe9b8d8-ead2-11e9-9d60-3106f5b1d025 ------=_Part_6919_15264603.1193530672785 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline On 10/27/07, Pietro Gagliardi wrote: > > OS X has root: > > $ ls -ld /var > lrwxr-xr-x 1 root admin 11 Aug 11 2006 /var -> private/var > $ ls -l /private > total 0 > drwxr-xr-x 107 root wheel 3638 Oct 2 21:25 etc > drwxr-xr-x 3 root wheel 102 Aug 1 2006 tftpboot > drwxrwxrwt 22 root wheel 748 Oct 27 18:23 tmp > drwxrwxrwt 4 root wheel 136 Mar 12 2007 tmp 2 > drwxr-xr-x 26 root wheel 884 Oct 27 10:03 var > $ # run from Tiger > > Oh and here's nice security: boot a Mac and hit Command+S while > booting (before the Apple logo/Happy Mac) and you're root. No > password required. Yeah most operating systems have single user mode. If you can remotely boot my mac and hold Command-S, I'll start worrying about that one. Find any linux box and boot with S on the kernel option line. Solaris can have this done too. By the way if you're that close to a mac why not boot it in target disk mode and just read all the data off the disk with a firewire cable? Physical access == no security pretty much. On Oct 27, 2007, at 6:20 PM, don bailey wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > >> clearly, you're not getting an account on my machine. > >> > > > > This goes back to the typical MacOSX argument: > > "If I have MacOSX laptop and you compromise my local > > account, it doesn't matter because you haven't > > gotten root, right?" > > > > Of course, this isn't true because all your data is owned > > by your user credentials. If someone compromises a single > > user laptop they don't need root or any other super user > > semantic. Being you compromises all the information > > necessary to hurt you: banking information, SSN, credit > > card info, e-mail logins, locally stored files, etc... > > > > I'd say that's enough of a problem. Even Plan 9's well > > designed authentication domains don't properly mitigate > > the issue of the local account being compromised. > > > > D > > > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.4.6 (GNU/Linux) > > > > iD8DBQFHI7mryWX0NBMJYAcRAmSjAKCWXuQeAO7mTXKlwChpRYb1BDV0eQCeJn2t > > 1gCP7bJWlAofxI4Ta4oZeig= > > =f3q/ > > -----END PGP SIGNATURE----- > > ------=_Part_6919_15264603.1193530672785 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline

On 10/27/07, Pietro Gagliardi <pietro10@mac.com> wrote:
OS X has root:

$ ls -ld /var
lrwxr-xr-x   1 root  admin  11 Aug 11  2006 /var -> private/var
$ ls -l /private
total 0
drwxr-xr-x   107 root  wheel  3638 Oct  2 21:25 etc
drwxr-xr-x     3 root  wheel   102 Aug  1  2006 tftpboot
drwxrwxrwt    22 root  wheel   748 Oct 27 18:23 tmp
drwxrwxrwt     4 root  wheel   136 Mar 12  2007 tmp 2
drwxr-xr-x    26 root  wheel   884 Oct 27 10:03 var
$ # run from Tiger

Oh and here's nice security: boot a Mac and hit Command+S while
booting (before the Apple logo/Happy Mac) and you're root. No
password required.


Yeah most operating systems have single user mode.  If you can remotely boot my mac and hold Command-S, I'll start worrying about that one.

Find any linux box and boot with S on the kernel option line.

Solaris can have this done too.

By the way if you're that close to a mac why not boot it in target disk mode and just read all the data off the disk with a firewire cable?

Physical access == no security pretty much.
 

On Oct 27, 2007, at 6:20 PM, don bailey wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>> clearly, you're not getting an account on my machine.
>>
>
> This goes back to the typical MacOSX argument:
>       "If I have MacOSX laptop and you compromise my local
>        account, it doesn't matter because you haven't
>        gotten root, right?"
>
> Of course, this isn't true because all your data is owned
> by your user credentials. If someone compromises a single
> user laptop they don't need root or any other super user
> semantic. Being you compromises all the information
> necessary to hurt you: banking information, SSN, credit
> card info, e-mail logins, locally stored files, etc...
>
> I'd say that's enough of a problem. Even Plan 9's well
> designed authentication domains don't properly mitigate
> the issue of the local account being compromised.
>
> D
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iD8DBQFHI7mryWX0NBMJYAcRAmSjAKCWXuQeAO7mTXKlwChpRYb1BDV0eQCeJn2t
> 1gCP7bJWlAofxI4Ta4oZeig=
> =f3q/
> -----END PGP SIGNATURE-----


------=_Part_6919_15264603.1193530672785--