From: Clem Cole
To: Larry McVoy
CC: tuhs@tuhs.org
Date: Wed, 18 Jan 2023 11:59:33 -0500
Subject: [TUHS] Re: Maintenance mode on AIX
In-Reply-To: <20230118163840.GF2964@mcvoy.com>
List-Id: The Unix Heritage Society mailing list

On Wed, Jan 18, 2023 at 11:39 AM Larry McVoy wrote:

> Someone once told me that if they had physical access to a Unix box, they
> would get root. That has been true forever and it's even more true today,
> pull the root disk, mount it on Linux, drop your ssh keys in there or add
> a no password root or setuid a shell, whatever, if you can put your hands
> on it, you can get in.

A reasonable point, but I think it really depends on the UNIX implementation I suspect. Current mac OS is pretty well hardened from this, with their current enclaves and needing to boot home to Apple to get keys if things are not 100% right. Not saying you or I can not, but basically means the same cracking tricks you need to use for iPhones. It's not as easy as you describe.

The ubiquitous Internet/WiFi changed the rules - as you can start to keep some set of keys somewhere else and then encrypt the local volumes. In fact, one of the things they do if mac OS boot detects that root has been modified (it has a crypto index stored away when it was made read-only), the boot rolls back to the last root snapshot -- since they are all read-only that works. In fact, it is a PITA to update/fix things like traditional scripts (for instance the scripts in the /etc/periodic area). Basically, they make it really unnatural to change the root file system, make a new snapshot and index (I have yet to see it documented although, with much pain, I previously created a procedure that is close -- i.e. it once worked on my pre-Ventura Mac - but currently -- fails, so I need to do some more investigation when I can bring this back to the top of the importance/curiosity stack (I have a less than satisfying end around for now so I'm ignoring doing it properly).

Clem
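Added illustration, not part of the thread and not Apple's code: a toy Python model of the sealed, read-only root that Clem describes. A "crypto index" (here a Merkle-style table of SHA-256 digests over file contents and permission bits, an assumed design rather than Apple's format) is computed when the tree is sealed and kept outside the tree; at boot the tree is re-hashed, and on a mismatch the live tree is replaced by the last sealed snapshot (a plain directory copy standing in for an APFS snapshot). The sample root, its `/etc/passwd` line and the `/etc/periodic` script are constructed data, and the offline edits applied to it are the ones Larry's message lists, so the block shows why they trip the seal rather than survive a reboot.

```python
"""Toy model of a sealed root volume with boot-time verification and rollback.

Added example for the TUHS thread above; the hashing scheme, file layout and
snapshot mechanism are assumptions for illustration, not Apple's implementation.
"""
from __future__ import annotations

import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def _digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def seal_tree(root: Path) -> dict:
    """Build the 'crypto index' for a root tree.

    Every regular file is hashed together with its permission bits, so a
    setuid bit flipped on an existing binary changes the seal just as an
    edited /etc/passwd does. A root digest over the sorted per-file entries
    summarises the whole tree, Merkle-style.
    """
    files: dict[str, str] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            mode = path.stat().st_mode & 0o7777
            files[rel] = _digest(path.read_bytes() + f"\0{mode:o}".encode())
    leaves = "\n".join(f"{rel} {digest}" for rel, digest in sorted(files.items()))
    return {"files": files, "root": _digest(leaves.encode())}


def verify_seal(root: Path, seal: dict) -> list[str]:
    """Re-hash the tree; return every path that was added, removed or altered."""
    current = seal_tree(root)
    if current["root"] == seal["root"]:
        return []                                   # fast path: nothing changed
    expected = seal["files"]
    return [rel for rel in sorted(set(current["files"]) | set(expected))
            if current["files"].get(rel) != expected.get(rel)]


def take_snapshot(root: Path, store: Path) -> Path:
    """Copy the sealed tree aside; stands in for the read-only APFS snapshot."""
    snap = store / "snapshot"
    if snap.exists():
        shutil.rmtree(snap)
    shutil.copytree(root, snap)                     # copy2 keeps permission bits
    return snap


def boot(root: Path, seal: dict, snap: Path) -> tuple[bool, list[str]]:
    """Boot-time check: on a seal mismatch, discard the live tree and roll back.

    Returns (rolled_back, paths_that_failed_verification).
    """
    changed = verify_seal(root, seal)
    if not changed:
        return False, []
    shutil.rmtree(root)
    shutil.copytree(snap, root)
    return True, changed


def demo() -> dict:
    """Seal a constructed sample root, modify it offline, and boot it."""
    work = Path(tempfile.mkdtemp(prefix="sealed-root-"))
    root = work / "root"
    (root / "etc" / "periodic").mkdir(parents=True)
    (root / "bin").mkdir()
    (root / "etc" / "passwd").write_text("root:x:0:0:root:/var/root:/bin/sh\n")
    (root / "etc" / "periodic" / "daily.sh").write_text("#!/bin/sh\necho daily\n")
    (root / "bin" / "sh").write_bytes(b"\x7fELF placeholder, not a real binary")
    os.chmod(root / "bin" / "sh", 0o755)

    seal = seal_tree(root)                          # the index kept "somewhere else"
    snap = take_snapshot(root, work)
    clean = boot(root, seal, snap)                  # untouched tree: no rollback

    # Offline edits of the kind the thread describes, made with the disk mounted
    # elsewhere: blank root's password field and drop in an ssh key file. The
    # seal lives outside the tree, so neither edit can be hidden from it.
    (root / "etc" / "passwd").write_text("root::0:0:root:/var/root:/bin/sh\n")
    (root / "var" / "root" / ".ssh").mkdir(parents=True)
    (root / "var" / "root" / ".ssh" / "authorized_keys").write_text("ssh-ed25519 AAAA... constructed\n")
    tampered = boot(root, seal, snap)               # mismatch: rolled back to snapshot
    after_rollback = verify_seal(root, seal)

    shutil.rmtree(work)
    return {"clean": clean, "tampered": tampered, "after_rollback": after_rollback}


if __name__ == "__main__":
    print(demo())
```

The part that makes this work in the real system is the one the toy can only gesture at: the index and the snapshot must be stored where the offline edit cannot reach them (Clem's "keys somewhere else", the enclave and the read-only snapshot), otherwise an attacker with the disk simply re-seals the modified tree. That is also why updating `/etc/periodic` scripts is awkward: any legitimate change needs a new snapshot and a new index.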