The Unix Heritage Society mailing list
* [TUHS] Re: Maintenance mode on AIX
       [not found] <zpdIicuX7AbN-y6hYho0eLOnHgzRs4iHa1UD6bxUyiTZhqZkg3Ha8TKWV ASxWkDZitFw0JIopRVh7BRC2PzLFrF_Gjsb2yCi-uxJ3Yr3AtE=@protonmail.com>
@ 2023-01-18 20:04 ` Joseph J. Mankoski ***PSI***
  2023-01-19  3:56   ` steve jenkin
  0 siblings, 1 reply; 10+ messages in thread
From: Joseph J. Mankoski ***PSI*** @ 2023-01-18 20:04 UTC (permalink / raw)
  To: tuhs; +Cc: segaloco, tuhs

Hello --

        Regarding "appliance-ization" (locking down / dumbing down) of commercially-available computer systems, and returning to the history of Unix (in the context of our current era), I am reminded of Ken Thompson's (excellent and humorous) panel presentation at the ACM Turing 100 conference I attended in 2012, imagining Alan Turing being brought to our time and given a current-generation computer system, etc.

        The webcast links for the "Systems Architecture" session, etc., on the main conference site, https://turing100.acm.org/, seem to be broken, however the video at this link works for me:

        https://dl.acm.org/doi/10.1145/2322176.2322182

        (Ken's part starts at ~0:09:28.)

        Cheers,
                                ***PSI***
                                <<<psi@valis.com>>>

tuhs-request@tuhs.org writes:
[...]
>  ----------------------------------------------------------------------
>
>  Message: 1
>  Date: Wed, 18 Jan 2023 17:08:00 +0000
>  From: segaloco <segaloco@protonmail.com>
>  Subject: [TUHS] Re: Maintenance mode on AIX
>  To: Clem Cole <clemc@ccc.com>
>  Cc: tuhs@tuhs.org
>  Message-ID: <zpdIicuX7AbN-y6hYho0eLOnHgzRs4iHa1UD6bxUyiTZhqZkg3Ha8TKWV
>  	ASxWkDZitFw0JIopRVh7BRC2PzLFrF_Gjsb2yCi-uxJ3Yr3AtE=@protonmail.com>
>  Content-Type: multipart/alternative;
>  	boundary="b1_7WKJsCnT0P2jggZLBLwbL2iRavDFXPykjXdIMPRs"
>
>  Apple's unreasonable hardening has been the latest deterrent to my ever wanting to use macOS as a personal driver. I've got a Mac as my daily driver for work, it can happily stay with work until I can decide how the filesystem is laid out and what folders I, as the root user, can and can't interact with from user land. I own my machine, not Apple.
>
>  - Matt G.
>  ------- Original Message -------
>  On Wednesday, January 18th, 2023 at 8:59 AM, Clem Cole <clemc@ccc.com> wrote:
>
>> On Wed, Jan 18, 2023 at 11:39 AM Larry McVoy <lm@mcvoy.com> wrote:
>>
>>> Someone once told me that if they had physical access to a Unix box, they
>>> would get root. That has been true forever and it's even more true today,
>>> pull the root disk, mount it on Linux, drop your ssh keys in there or add
>>> a no password root or setuid a shell, whatever, if you can put your hands
>>> on it, you can get in.
>>
>> A reasonable point, but I think it really depends on the UNIX implementation I suspect. Current mac OS is pretty well hardened from this, with their current enclaves and needing to boot home to Apple to get keys if things are not 100% right. Not saying you or I can not, but basically means the same cracking tricks you need to use for iPhones. It's not as easy as you describe.
>>
>> The ubiquitous Internet/WiFi changed the rules - as you can start to keep some set of keys somewhere else and then encrypt the local volumes. In fact, one of the things they do if mac OS boot detects that root has been modified (it has a crypto index stored away when it was made read-only), the boot rolls back to the last root snapshot -- since they are all read-only that works. In fact, it is a PITA to update/fix things like traditional scripts (for instance the scripts in the /etc/periodic area). Basically, they make it really unnatural to change the root file system, make a new snapshot and index (I have yet to see it documented although, with much pain, I previously created a procedure that is close -- i.e. it once worked on my pre-Ventura Mac - but currently -- fails, so I need to do some more investigation when I can bring this back to the top of the importance/curiosity stack (I have a less than satisfying end around for now so I'm ignoring doing it properly).
>>
>> Clem
>> ᐧ-------------- next part --------------
[...]
>  ------------------------------
[...]


* [TUHS] Re: Maintenance mode on AIX
  2023-01-18 20:04 ` [TUHS] Re: Maintenance mode on AIX Joseph J. Mankoski ***PSI***
@ 2023-01-19  3:56   ` steve jenkin
  0 siblings, 0 replies; 10+ messages in thread
From: steve jenkin @ 2023-01-19  3:56 UTC (permalink / raw)
  To: TUHS; +Cc: Joseph J. Mankoski ***PSI***

To their credit, ACM have made the video available on YouTube

	<https://youtu.be/dsMKJKTOte0?t=551>

Link includes intro to Ken for those wanting brevity.

> On 19 Jan 2023, at 07:04, Joseph J. Mankoski ***PSI*** <psi@valis.com> wrote:
> 
> Hello --
> 
>        Regarding "appliance-ization" (locking down / dumbing down) of commercially-available computer systems, and returning to the history of Unix (in the context of our current era), I am reminded of Ken Thompson's (excellent and humorous) panel presentation at the ACM Turing 100 conference I attended in 2012, imagining Alan Turing being brought to our time and given a current-generation computer system, etc.
> 
>        The webcast links for the "Systems Architecture" session, etc., on the main conference site, https://turing100.acm.org/, seem to be broken, however the video at this link works for me:
> 
>        https://dl.acm.org/doi/10.1145/2322176.2322182
> 
>        (Ken's part starts at ~0:09:28.)
> 
>        Cheers,
>                                ***PSI***
>                                <<<psi@valis.com>>>

--
Steve Jenkin

mailto:sjenkin@canb.auug.org.au http://members.tip.net.au/~sjenkin



* [TUHS] Re: Maintenance mode on AIX
  2023-01-18 17:21                 ` Will Senn
  2023-01-18 19:50                   ` David Barto
@ 2023-01-19 14:25                   ` Liam Proven
  1 sibling, 0 replies; 10+ messages in thread
From: Liam Proven @ 2023-01-19 14:25 UTC (permalink / raw)
  To: tuhs

On Wed, 18 Jan 2023 at 18:22, Will Senn <will.senn@gmail.com> wrote:
>
> Wow, we're all over the place on this thread.

True!

> I stopped updating my Mac with Mojave.

Me too. I have some irreplaceable 32-bit apps.

> I would prefer my OS to be under my control and secure my information, for me.

I agree.

*But* the thing is this, and I am theorizing here.

Apple is trying to move to Arm-ISA Macs with its own very highly
integrated chipset. This is imposing some issues.

E.g. The M1 Macs can't boot from an external device if the internal
one fails. You can't just put in a USB key and start from it. You
can't just remove a failed drive, replace it, format it, reinstall the
OS and keep going.

https://apple.stackexchange.com/questions/437022/can-apple-silicon-based-mac-boot-from-unauthorized-external-drive

They seem to lack the old 68K/PowerPC/x86 fairly clean separation
between firmware and OS on a disk.

They are, pretty much, the whole computer on a single SOC.

The first SOC was the ARM250: CPU + GPU + memory controller.

Then FPU and bus controllers and interfaces and things moved on board too.

Now, the RAM is on board, and the SSD is also built in if not on the
same die. It is extremely hard to replace/upgrade them, e.g.
https://www.macrumors.com/2021/04/06/m1-mac-ram-and-ssd-upgrades-possible/

In a way the Arm Macs are sort of like iPads with external screens. It
is also notable that there is _still_ no Arm-based Mac Pro: I don't
think they've found a way to make their new architecture as modular,
with external GPUs and an expansion bus. I suspect they won't be able
to and eventually the Intel kit will quietly disappear with no direct
replacement.

So I think that Apple is trying to make the OS as *extremely* robust
and tamper-proof as they can, because if that soldered-in-place disk
gets scrambled or compromised, then the expensive hardware is
basically toast.

I don't like it either and I don't want an Arm-powered Mac for now...
but I sort of understand what they are trying to do, I think.

-- 
Liam Proven ~ Profile: https://about.me/liamproven
Email: lproven@cix.co.uk ~ gMail/gTalk/FB: lproven@gmail.com
Twitter/LinkedIn: lproven ~ Skype: liamproven
UK: (+44) 7939-087884 ~ Czech [+ WhatsApp/Telegram/Signal]: (+420) 702-829-053


* [TUHS] Re: Maintenance mode on AIX
  2023-01-18 20:34             ` Arno Griffioen via TUHS
@ 2023-01-18 20:50               ` Brad Spencer
  0 siblings, 0 replies; 10+ messages in thread
From: Brad Spencer @ 2023-01-18 20:50 UTC (permalink / raw)
  To: tuhs

Arno Griffioen via TUHS <tuhs@tuhs.org> writes:

> On Wed, Jan 18, 2023 at 08:38:40AM -0800, Larry McVoy wrote:
>> Someone once told me that if they had physical access to a Unix box, they
>> would get root.  That has been true forever and it's even more true today,
>> pull the root disk, mount it on Linux, drop your ssh keys in there or add
>> a no password root or setuid a shell, whatever, if you can put your hands
>> on it, you can get in.
>
> Until a few years ago, I would definitely agree. Done that regularly
> in the past. (and worked on lots of network gear too...)
>
> However..
>
> Nowadays with a little effort you can make a bootable Linux machine that 
> uses either a passphrase or some external key/dongle/fingerprint/etc.
> to unlock an encrypted root fs and additional filesystems.
>
> If you don't have those credentials, then it's going to be pretty tricky to 
> access as you simply can't even access any of the encrypted filesystems to 
> start with.
>
> Yes, you could probably get the initrd booted with a root shell and
> then wipe the machine/disk to then do what you want, but the original
> install is getting pretty hard to jump into with boot tricks these days.
>
> 								Bye, Arno.


Yes++ ...  I did something similar with NetBSD a few years ago.  I
booted a removable drive that asked for the passphrase to decrypt the
real root filesystem..  the drive was removed and stored separately from
the laptop when at rest.  Today, I don't even need a removable drive any
more, a ramdisk is attached to the kernel and unpacks itself upon boot
and that asks for the passphrase.  The root filesystem itself is more or
less completely encrypted.  Not quite full end to end, but very close.
All you could really do is destroy the system, which may be good enough
for some, but getting the information off of the encrypted filesystem
would be hard.



-- 
Brad Spencer - brad@anduin.eldar.org - KC8VKS - http://anduin.eldar.org


* [TUHS] Re: Maintenance mode on AIX
  2023-01-18 16:38           ` [TUHS] " Larry McVoy
  2023-01-18 16:59             ` Clem Cole
@ 2023-01-18 20:34             ` Arno Griffioen via TUHS
  2023-01-18 20:50               ` Brad Spencer
  1 sibling, 1 reply; 10+ messages in thread
From: Arno Griffioen via TUHS @ 2023-01-18 20:34 UTC (permalink / raw)
  To: tuhs

On Wed, Jan 18, 2023 at 08:38:40AM -0800, Larry McVoy wrote:
> Someone once told me that if they had physical access to a Unix box, they
> would get root.  That has been true forever and it's even more true today,
> pull the root disk, mount it on Linux, drop your ssh keys in there or add
> a no password root or setuid a shell, whatever, if you can put your hands
> on it, you can get in.

Until a few years ago, I would definitely agree. Done that regularly
in the past. (and worked on lots of network gear too...)

However..

Nowadays with a little effort you can make a bootable Linux machine that 
uses either a passphrase or some external key/dongle/fingerprint/etc.
to unlock an encrypted root fs and additional filesystems.

If you don't have those credentials, then it's going to be pretty tricky to 
access as you simply can't even access any of the encrypted filesystems to 
start with.

Yes, you could probably get the initrd booted with a root shell and
then wipe the machine/disk to then do what you want, but the original
install is getting pretty hard to jump into with boot tricks these days.

								Bye, Arno.


* [TUHS] Re: Maintenance mode on AIX
  2023-01-18 17:21                 ` Will Senn
@ 2023-01-18 19:50                   ` David Barto
  2023-01-19 14:25                   ` Liam Proven
  1 sibling, 0 replies; 10+ messages in thread
From: David Barto @ 2023-01-18 19:50 UTC (permalink / raw)
  To: Will Senn; +Cc: segaloco, tuhs


I think that the situation with MacOS is an (over) reaction to viruses, worms, and the end users themselves.
In order to make sure that the normal user doesn’t do something silly to their system Apple has wound up restricting what the more advanced and knowledgeable user can do.

I’m in an in-between camp. I like to install what I want and as long as I can do that, MacOS will work for me. And I like that Apple is working to stop the “bad guys” as much as possible.

When installing what I want stops happening then I’ll stop upgrading. Until then I’m willing to ride the Apple train.

	David

> On Jan 18, 2023, at 9:21 AM, Will Senn <will.senn@gmail.com> wrote:
> 
> Wow, we're all over the place on this thread. I stopped updating my Mac with Mojave. Occasionally, I flirt with more recent incarnations and much like with recent Windows incarnations, I scurry back pretty quickly to the stable and fast. ... and Mojave supports 32 bit apps, which is nice. It's fast, responsive, and locked down the way I like it.
> 
> The mutually exclusive goals represented by security/it lockdown obsession and OS phone homeitis is ridiculous. One hopes that this is not a permanent set of affairs. I would prefer my OS to be under my control and secure my information, for me. 
> 
> Lately, I've been doing work with SculptOS on Genode - a capabilities based OS running on a microkernel (trusted computing base). Sculpt's got a ways to go, but I like the way the architects are thinking.
> 
> Will
> 
> 
> On 1/18/23 11:08 AM, segaloco via TUHS wrote:
>> Apple's unreasonable hardening has been the latest deterrent to my ever wanting to use macOS as a personal driver.  I've got a Mac as my daily driver for work, it can happily stay with work until I can decide how the filesystem is laid out and what folders I, as the root user, can and can't interact with from user land. I own my machine, not Apple.
>> 
>> - Matt G.
>> ------- Original Message -------
>> On Wednesday, January 18th, 2023 at 8:59 AM, Clem Cole <clemc@ccc.com> wrote:
>> 
>>> 
>>> 
>>> On Wed, Jan 18, 2023 at 11:39 AM Larry McVoy <lm@mcvoy.com> wrote:
>>> Someone once told me that if they had physical access to a Unix box, they
>>> would get root. That has been true forever and it's even more true today,
>>> pull the root disk, mount it on Linux, drop your ssh keys in there or add
>>> a no password root or setuid a shell, whatever, if you can put your hands
>>> on it, you can get in.
>>> A reasonable point, but I think it really depends on the UNIX implementation I suspect. Current mac OS is pretty well hardened from this, with their current enclaves and needing to boot home to Apple to get keys if things are not 100% right. Not saying you or I can not, but basically means the same cracking tricks you need to use for iPhones. It's not as easy as you describe.
>>> 
>>> The ubiquitous Internet/WiFi changed the rules - as you can start to keep some set of keys somewhere else and then encrypt the local volumes. In fact, one of the things they do if mac OS boot detects that root has been modified (it has a crypto index stored away when it was made read-only), the boot rolls back to the last root snapshot -- since they are all read-only that works. In fact, it is a PITA to update/fix things like traditional scripts (for instance the scripts in the /etc/periodic area). Basically, they make it really unnatural to change the root file system, make a new snapshot and index (I have yet to see it documented although, with much pain, I previously created a procedure that is close -- i.e. it once worked on my pre-Ventura Mac - but currently -- fails, so I need to do some more investigation when I can bring this back to the top of the importance/curiosity stack (I have a less than satisfying end around for now so I'm ignoring doing it properly).
>>> 
>>> Clem
>>> ᐧ
>> 
> 



* [TUHS] Re: Maintenance mode on AIX
  2023-01-18 17:08               ` segaloco via TUHS
@ 2023-01-18 17:21                 ` Will Senn
  2023-01-18 19:50                   ` David Barto
  2023-01-19 14:25                   ` Liam Proven
  0 siblings, 2 replies; 10+ messages in thread
From: Will Senn @ 2023-01-18 17:21 UTC (permalink / raw)
  To: segaloco, Clem Cole; +Cc: tuhs


Wow, we're all over the place on this thread. I stopped updating my Mac 
with Mojave. Occasionally, I flirt with more recent incarnations and 
much like with recent Windows incarnations, I scurry back pretty quickly 
to the stable and fast. ... and Mojave supports 32 bit apps, which is 
nice. It's fast, responsive, and locked down the way I like it.

The mutually exclusive goals represented by security/it lockdown 
obsession and OS phone homeitis is ridiculous. One hopes that this is 
not a permanent set of affairs. I would prefer my OS to be under my 
control and secure my information, for me.

Lately, I've been doing work with SculptOS on Genode - a capabilities 
based OS running on a microkernel (trusted computing base). Sculpt's got 
a ways to go, but I like the way the architects are thinking.

Will


On 1/18/23 11:08 AM, segaloco via TUHS wrote:
> Apple's unreasonable hardening has been the latest deterrent to my ever 
> wanting to use macOS as a personal driver.  I've got a Mac as my daily 
> driver for work, it can happily stay with work until I can decide how 
> the filesystem is laid out and what folders I, as the root user, can 
> and can't interact with from user land. I own my machine, not Apple.
>
> - Matt G.
> ------- Original Message -------
> On Wednesday, January 18th, 2023 at 8:59 AM, Clem Cole <clemc@ccc.com> 
> wrote:
>
>>
>>
>> On Wed, Jan 18, 2023 at 11:39 AM Larry McVoy <lm@mcvoy.com> wrote:
>>
>>     Someone once told me that if they had physical access to a Unix
>>     box, they
>>     would get root. That has been true forever and it's even more
>>     true today,
>>     pull the root disk, mount it on Linux, drop your ssh keys in
>>     there or add
>>     a no password root or setuid a shell, whatever, if you can put
>>     your hands
>>     on it, you can get in.
>>
>> A reasonable point, but I think it really depends on the UNIX 
>> implementation I suspect. Current mac OS is pretty well hardened from 
>> this, with their current enclaves and needing to boot home to Apple 
>> to get keys if things are not 100% right. Not saying you or I can 
>> not, but basically means the same cracking tricks you need to use for 
>> iPhones. It's not as easy as you describe.
>>
>> The ubiquitous Internet/WiFi changed the rules - as you can start to 
>> keep some set of keys somewhere else and then encrypt the local 
>> volumes. In fact, one of the things they do if mac OS boot detects 
>> that root has been modified (it has a crypto index stored away when 
>> it was made read-only), the boot rolls back to the last root snapshot 
>> -- since they are all read-only that works. In fact, it is a PITA to 
>> update/fix things like traditional scripts (for instance the scripts 
>> in the /etc/periodic area). Basically, they make it really unnatural 
>> to change the root file system, make a new snapshot and index (I 
>> have yet to see it documented although, with much pain, I previously 
>> created a procedure that is close -- i.e. it once worked on my 
>> pre-Ventura Mac - but currently -- fails, so I need to do some more 
>> investigation when I can bring this back to the top of the 
>> importance/curiosity stack (I have a less than satisfying end around 
>> for now so I'm ignoring doing it properly).
>>
>> Clem
>> ᐧ
>


* [TUHS] Re: Maintenance mode on AIX
  2023-01-18 16:59             ` Clem Cole
@ 2023-01-18 17:08               ` segaloco via TUHS
  2023-01-18 17:21                 ` Will Senn
  0 siblings, 1 reply; 10+ messages in thread
From: segaloco via TUHS @ 2023-01-18 17:08 UTC (permalink / raw)
  To: Clem Cole; +Cc: tuhs


Apple's unreasonable hardening has been the latest deterrent to my ever wanting to use macOS as a personal driver. I've got a Mac as my daily driver for work, it can happily stay with work until I can decide how the filesystem is laid out and what folders I, as the root user, can and can't interact with from user land. I own my machine, not Apple.

- Matt G.
------- Original Message -------
On Wednesday, January 18th, 2023 at 8:59 AM, Clem Cole <clemc@ccc.com> wrote:

> On Wed, Jan 18, 2023 at 11:39 AM Larry McVoy <lm@mcvoy.com> wrote:
>
>> Someone once told me that if they had physical access to a Unix box, they
>> would get root. That has been true forever and it's even more true today,
>> pull the root disk, mount it on Linux, drop your ssh keys in there or add
>> a no password root or setuid a shell, whatever, if you can put your hands
>> on it, you can get in.
>
> A reasonable point, but I think it really depends on the UNIX implementation I suspect. Current mac OS is pretty well hardened from this, with their current enclaves and needing to boot home to Apple to get keys if things are not 100% right. Not saying you or I can not, but basically means the same cracking tricks you need to use for iPhones. It's not as easy as you describe.
>
> The ubiquitous Internet/WiFi changed the rules - as you can start to keep some set of keys somewhere else and then encrypt the local volumes. In fact, one of the things they do if mac OS boot detects that root has been modified (it has a crypto index stored away when it was made read-only), the boot rolls back to the last root snapshot -- since they are all read-only that works. In fact, it is a PITA to update/fix things like traditional scripts (for instance the scripts in the /etc/periodic area). Basically, they make it really unnatural to change the root file system, make a new snapshot and index (I have yet to see it documented although, with much pain, I previously created a procedure that is close -- i.e. it once worked on my pre-Ventura Mac - but currently -- fails, so I need to do some more investigation when I can bring this back to the top of the importance/curiosity stack (I have a less than satisfying end around for now so I'm ignoring doing it properly).
>
> Clem
> ᐧ


* [TUHS] Re: Maintenance mode on AIX
  2023-01-18 16:38           ` [TUHS] " Larry McVoy
@ 2023-01-18 16:59             ` Clem Cole
  2023-01-18 17:08               ` segaloco via TUHS
  2023-01-18 20:34             ` Arno Griffioen via TUHS
  1 sibling, 1 reply; 10+ messages in thread
From: Clem Cole @ 2023-01-18 16:59 UTC (permalink / raw)
  To: Larry McVoy; +Cc: tuhs


On Wed, Jan 18, 2023 at 11:39 AM Larry McVoy <lm@mcvoy.com> wrote:

> Someone once told me that if they had physical access to a Unix box, they
> would get root.  That has been true forever and it's even more true today,
> pull the root disk, mount it on Linux, drop your ssh keys in there or add
> a no password root or setuid a shell, whatever, if you can put your hands
> on it, you can get in.
>
A reasonable point, but I think it really depends on the UNIX implementation
I suspect.  Current mac OS is pretty well hardened from this, with their
current enclaves and needing to boot home to Apple to get keys if things
are not 100% right. Not saying you or I can not, but basically means the
same cracking tricks you need to use for iPhones. It's not as easy as you
describe.

The ubiquitous Internet/WiFi changed the rules - as you can start to keep
some set of keys somewhere else and then encrypt the local volumes.   In
fact, one of the things they do if mac OS boot detects that root has been
modified (it has a crypto index stored away when it was made read-only),
the boot rolls back to the last root snapshot -- since they are all
read-only that works.   In fact, it is a PITA to update/fix things like
traditional scripts (for instance the scripts in the /etc/periodic area).
 Basically, they make it really unnatural to change the root file system,
make a new snapshot and index (I have yet to see it documented although,
with much pain, I previously created a procedure that is close -- i.e. it
once worked on my pre-Ventura Mac - but currently -- fails, so I need to do
some more investigation when I can bring this back to the top of the
importance/curiosity stack (I have a less than satisfying end around for
now so I'm ignoring doing it properly).

Clem
ᐧ
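
A small model of the mechanism described in the message above, as an added example that is not part of the original post and not Apple's implementation: a digest (the "crypto index") is taken when the tree is sealed, the boot step verifies it and restores the last snapshot on a mismatch, and a deliberate change needs a new snapshot plus a new seal. The names `seal`, `boot`, `commit` and `demo`, and the script file name, are hypothetical.

```python
import hashlib
import os
import shutil
import stat
import tempfile

def seal(root):
    """Digest over every entry under `root`: relative path, type+mode bits, content."""
    h = hashlib.sha256()
    for dirpath, dirs, names in os.walk(root, followlinks=False):
        dirs.sort()  # fixes the traversal order so the digest is reproducible
        for name in sorted(dirs + names):
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            h.update(os.path.relpath(path, root).encode() + b"\0")
            h.update(b"%o\0" % st.st_mode)
            if stat.S_ISREG(st.st_mode):
                with open(path, "rb") as f:
                    h.update(hashlib.sha256(f.read()).digest())
            elif stat.S_ISLNK(st.st_mode):
                h.update(os.readlink(path).encode() + b"\0")
    return h.hexdigest()

def boot(root, snapshot, sealed):
    """Verify `root` against the stored seal; on mismatch restore the snapshot."""
    if seal(root) == sealed:
        return "booted"
    shutil.rmtree(root)
    shutil.copytree(snapshot, root, symlinks=True)
    if seal(root) != sealed:
        raise RuntimeError("snapshot does not match the stored seal either")
    return "rolled-back"

def commit(root, snapshot):
    """The deliberate path for a change: new snapshot first, then a new seal."""
    shutil.rmtree(snapshot, ignore_errors=True)
    shutil.copytree(root, snapshot, symlinks=True)
    return seal(snapshot)

def demo(workdir):
    root = os.path.join(workdir, "root")
    snap = os.path.join(workdir, "snapshot")
    # Constructed sample file standing in for a script under /etc/periodic.
    script = os.path.join(root, "etc/periodic/daily/100.example")
    os.makedirs(os.path.dirname(script))
    with open(script, "w") as f:
        f.write("#!/bin/sh\necho original\n")
    os.chmod(script, 0o755)
    sealed = commit(root, snap)
    results = [boot(root, snap, sealed)]          # untouched tree boots
    with open(script, "a") as f:
        f.write("echo edited in place\n")
    results.append(boot(root, snap, sealed))      # in-place edit is rolled back
    with open(script) as f:
        results.append("edited" in f.read())      # the edit is gone
    with open(script, "a") as f:
        f.write("echo edited\n")
    sealed = commit(root, snap)                   # edit, then snapshot and re-seal
    results.append(boot(root, snap, sealed))      # the committed edit survives
    os.chmod(script, 0o700)                       # same bytes, different mode
    results.append(seal(root) != sealed)          # metadata is covered by the seal
    return results

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(demo(d))
```

In this model the stored digest is assumed to live somewhere the modified tree cannot rewrite it; without that, whoever changes the root could also replace the seal.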


* [TUHS] Re: Maintenance mode on AIX
  2023-01-18 16:27         ` [TUHS] Maintenance mode on AIX Ron Natalie
@ 2023-01-18 16:38           ` Larry McVoy
  2023-01-18 16:59             ` Clem Cole
  2023-01-18 20:34             ` Arno Griffioen via TUHS
  0 siblings, 2 replies; 10+ messages in thread
From: Larry McVoy @ 2023-01-18 16:38 UTC (permalink / raw)
  To: Ron Natalie; +Cc: tuhs

On Wed, Jan 18, 2023 at 04:27:50PM +0000, Ron Natalie wrote:
> Occasionally, we'd get random other IBM hardware dropped on us.   One day
> an RS/6000 showed up.   The problem was that they didn't give us any
> indication what the logins were (let alone the root password).   Being the
> long time security "investigator" that I was I started poking around at
> the thing while waiting for IBM to call me back.    The thing had a key
> switch that switched you from power OFF to NORMAL to a WRENCH icon
> (maintenance mode).    So I powered it up in the wrench mode.   The thing
> booted up Unix but rather than a shell gave some maintenance program.    I
> poked around at the options hoping for something that would be useful for me
> without luck.   One option was to view the documentation so I brought that
> up and it displayed some text.    The neat thing (for me) was that it used
> "more" to paginate it.   Sure enough, when I got to the end of the first
> page, I could just hit ! at the prompt and get a root shell.    It was then
> pretty easy to get the machine set up to our liking.

Someone once told me that if they had physical access to a Unix box, they
would get root.  That has been true forever and it's even more true today,
pull the root disk, mount it on Linux, drop your ssh keys in there or add
a no password root or setuid a shell, whatever, if you can put your hands
on it, you can get in.
-- 
---
Larry McVoy           Retired to fishing          http://www.mcvoy.com/lm/boat
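
From the defender's side, the three changes named in the message above (a dropped ssh key, a passwordless root, a setuid shell) can be looked for in a root filesystem mounted offline. The following is an added example, not part of the original post; the function names, the allow-list of key blobs and the sample tree are assumptions made for illustration.

```python
import hashlib
import os
import stat
import tempfile

SHELLS = {"sh", "bash", "dash", "zsh", "ksh", "csh", "tcsh", "ash"}
KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
             "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com"}

def _lines(path):
    """Non-blank, non-comment lines of a text file; [] if it cannot be read."""
    try:
        with open(path, errors="replace") as f:
            return [l.strip() for l in f if l.strip() and not l.lstrip().startswith("#")]
    except OSError:
        return []

def _sha256(path):
    try:
        with open(path, "rb") as f:
            return hashlib.sha256(f.read()).hexdigest()
    except OSError:
        return None  # unreadable file: cannot be matched by content

def audit_offline_root(root, allowed_root_keys=frozenset()):
    """Audit a root tree mounted offline; returns sorted (check, path, detail)."""
    findings = []
    # "add a no password root": empty password field, or a second UID 0 account.
    for f in (l.split(":") for l in _lines(os.path.join(root, "etc/shadow"))):
        if len(f) > 1 and f[1] == "":
            findings.append(("empty-password", "etc/shadow", f[0]))
    for f in (l.split(":") for l in _lines(os.path.join(root, "etc/passwd"))):
        if len(f) > 2 and f[1] == "":
            findings.append(("empty-password", "etc/passwd", f[0]))
        if len(f) > 2 and f[2] == "0" and f[0] != "root":
            findings.append(("extra-uid0", "etc/passwd", f[0]))
    # "drop your ssh keys in there": any key for root that is not on the allow-list.
    for name in ("authorized_keys", "authorized_keys2"):
        rel = "root/.ssh/" + name
        for line in _lines(os.path.join(root, rel)):
            tok = line.split()
            # The base64 key blob follows the key type; options may come before it.
            blob = next((tok[i + 1] for i, t in enumerate(tok[:-1]) if t in KEY_TYPES), None)
            if blob not in allowed_root_keys:
                findings.append(("unexpected-root-key", rel, blob or "unparsed line"))
    # "setuid a shell": a setuid file named like a shell, or a renamed copy of one.
    shell_hashes, suid = set(), []
    for dirpath, _dirs, names in os.walk(root, followlinks=False):
        for name in names:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode  # lstat: symlinks are never followed
            if not stat.S_ISREG(mode):
                continue
            if name in SHELLS:
                shell_hashes.add(_sha256(path))
            if mode & stat.S_ISUID:
                suid.append(path)
    shell_hashes.discard(None)
    for path in suid:
        by_name = os.path.basename(path) in SHELLS
        if by_name or _sha256(path) in shell_hashes:
            why = "shell name" if by_name else "same bytes as a shell in this tree"
            findings.append(("setuid-shell", os.path.relpath(path, root), why))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample: a tiny root tree with the three changes planted in it."""
    files = {
        "etc/shadow": ("root::19000:0:99999:7:::\ndaemon:*:19000:0:99999:7:::\n", 0o600),
        "etc/passwd": ("root:x:0:0::/root:/bin/sh\ntoor:x:0:0::/root:/bin/sh\n", 0o644),
        "root/.ssh/authorized_keys": ("ssh-ed25519 AAAAKNOWN admin\n"
                                      "no-pty ssh-ed25519 AAAAROGUE x\n", 0o600),
        "bin/sh": ("constructed shell bytes\n", 0o755),
        "var/tmp/.helper": ("constructed shell bytes\n", 0o4755),   # renamed setuid copy
        "usr/bin/passwd": ("constructed passwd bytes\n", 0o4755),   # ordinary setuid tool
    }
    for rel, (text, mode) in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as f:
            f.write(text)
        os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample_tree(d)
        for finding in audit_offline_root(d, allowed_root_keys={"AAAAKNOWN"}):
            print(finding)
```

The audit only covers root's own key files and shells already present in the tree; a fuller check would compare every setuid file against a known-good package manifest.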


Thread overview: 10+ messages
     [not found] <zpdIicuX7AbN-y6hYho0eLOnHgzRs4iHa1UD6bxUyiTZhqZkg3Ha8TKWV ASxWkDZitFw0JIopRVh7BRC2PzLFrF_Gjsb2yCi-uxJ3Yr3AtE=@protonmail.com>
2023-01-18 20:04 ` [TUHS] Re: Maintenance mode on AIX Joseph J. Mankoski ***PSI***
2023-01-19  3:56   ` steve jenkin
2023-01-18  9:43 [TUHS] AIX moved into maintainance mode arnold
2023-01-18 15:13 ` [TUHS] " arnold
2023-01-18 15:14   ` Larry McVoy
2023-01-18 16:10     ` segaloco via TUHS
2023-01-18 16:19       ` Larry McVoy
2023-01-18 16:27         ` [TUHS] Maintenance mode on AIX Ron Natalie
2023-01-18 16:38           ` [TUHS] " Larry McVoy
2023-01-18 16:59             ` Clem Cole
2023-01-18 17:08               ` segaloco via TUHS
2023-01-18 17:21                 ` Will Senn
2023-01-18 19:50                   ` David Barto
2023-01-19 14:25                   ` Liam Proven
2023-01-18 20:34             ` Arno Griffioen via TUHS
2023-01-18 20:50               ` Brad Spencer
