From: "Joseph J. Mankoski ***PSI***"
To: tuhs@tuhs.org
CC: segaloco, tuhs@tuhs.org
Date: Wed, 18 Jan 2023 12:04:19 -0800
Subject: [TUHS] Re: Maintenance mode on AIX
List-Id: The Unix Heritage Society mailing list

Hello -- Regarding "appliance-ization" (locking down / dumbing down) of commercially-available computer systems, and returning to the history of Unix (in the context of our current era), I am reminded of Ken Thompson's (excellent and humorous) panel presentation at the ACM Turing 100 conference I attended in 2012, imagining Alan Turing being brought to our time and given a current-generation computer system, etc.

The webcast links for the "Systems Architecture" session, etc., on the main conference site, https://turing100.acm.org/, seem to be broken, however the video at this link works for me: https://dl.acm.org/doi/10.1145/2322176.2322182 (Ken's part starts at ~0:09:28.)

Cheers,
***PSI***

<<>> tuhs-request@tuhs.org writes:

[...]
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 18 Jan 2023 17:08:00 +0000
> From: segaloco
> Subject: [TUHS] Re: Maintenance mode on AIX
> To: Clem Cole
> Cc: tuhs@tuhs.org
>
> Apple's unreasonable hardening has been the latest deterrent to my ever wanting to use macOS as a personal driver. I've got a Mac as my daily driver for work, it can happily stay with work until I can decide how the filesystem is laid out and what folders I, as the root user, can and can't interact with from user land. I own my machine, not Apple.
>
> - Matt G.
> ------- Original Message -------
> On Wednesday, January 18th, 2023 at 8:59 AM, Clem Cole wrote:
>
>> On Wed, Jan 18, 2023 at 11:39 AM Larry McVoy wrote:
>>
>>> Someone once told me that if they had physical access to a Unix box, they
>>> would get root. That has been true forever and it's even more true today,
>>> pull the root disk, mount it on Linux, drop your ssh keys in there or add
>>> a no password root or setuid a shell, whatever, if you can put your hands
>>> on it, you can get in.
>>
>> A reasonable point, but I think it really depends on the UNIX implementation I suspect. Current mac OS is pretty well hardened from this, with their current enclaves and needing to boot home to Apple to get keys if things are not 100% right. Not saying you or I can not, but basically means the same cracking tricks you need to use for iPhones. It's not as easy as you describe.
>>
>> The ubiquitous Internet/WiFi changed the rules - as you can start to keep some set of keys somewhere else and then encrypt the local volumes. In fact, one of the things they do if mac OS boot detects that root has been modified (it has a crypto index stored away when it was made read-only), the boot rolls back to the last root snapshot -- since they are all read-only that works. In fact, it is a PITA to update/fix things like traditional scripts (for instance the scripts in the /etc/periodic area). Basically, they make it really unnatural to change the root file system, make a new snapshot and index (I have yet to see it documented although, with much pain, I previously created a procedure that is close -- i.e. it once worked on my pre-Ventura Mac - but currently -- fails, so I need to do some more investigation when I can bring this back to the top of the importance/curiosity stack (I have a less than satisfying end around for now so I'm ignoring doing it properly).
>>
>> Clem

[...]
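Clem's description of a read-only root volume with a stored crypto index and boot-time rollback, modelled as an added Python example that is not code from the thread or from Apple; the single-hash seal, the snapshot directory and the `/etc/periodic` sample script are constructed stand-ins for the real mechanism:

```python
# Added example (not code from the thread or from Apple): a toy model of a
# sealed, read-only root volume. The real macOS sealed system volume is an
# APFS Merkle tree whose root hash Apple signs; here one SHA-256 over the
# tree plays the "crypto index" so detect-then-roll-back can be run end to end.
import hashlib
import os
import shutil
import tempfile


def seal_tree(root: str) -> str:
    """One SHA-256 over every relative path and file body under root."""
    h = hashlib.sha256()
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # stable walk order, so the seal is reproducible
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            h.update(os.path.relpath(full, root).encode() + b"\0")
            with open(full, "rb") as f:
                h.update(hashlib.sha256(f.read()).digest())
    return h.hexdigest()


def boot(root: str, snapshot: str, expected: str) -> bool:
    """Boot-time check: keep an intact tree (True), else restore the snapshot (False)."""
    if seal_tree(root) == expected:
        return True
    shutil.rmtree(root)
    shutil.copytree(snapshot, root)
    return False


def demo() -> tuple:
    """Constructed scenario: seal a tree, change it out of band, boot, re-check."""
    base = tempfile.mkdtemp()
    live, snap = os.path.join(base, "root"), os.path.join(base, "snapshot")
    script = os.path.join(live, "etc", "periodic", "daily")
    os.makedirs(os.path.dirname(script))
    with open(script, "w") as f:
        f.write("#!/bin/sh\necho maintenance\n")
    expected = seal_tree(live)
    shutil.copytree(live, snap)  # read-only snapshot taken when the seal was made
    with open(script, "a") as f:
        f.write("echo changed-offline\n")  # constructed out-of-band edit
    tampered = seal_tree(live) != expected   # True: live tree no longer matches
    clean_boot = boot(live, snap, expected)  # False: boot had to roll back
    intact = seal_tree(live) == expected     # True: restored tree matches again
    shutil.rmtree(base)
    return tampered, clean_boot, intact
```

The same check explains the pain Clem mentions: any edit to the sealed tree, including a legitimate fix to a periodic script, is indistinguishable from tampering until a new snapshot and seal are made.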