Structure and Interpretation of Computer Programmers

I make it easier and faster for you to write high-quality software.

Wednesday, September 5, 2007

Old news

So the Inquirer thinks they’ve got a hot potato on their hands, with this “security flaw” in OS X. I’ve been using this approach for years (like, since NeXTSTEP): boot into single-user and launch NetInfo manually, then passwd root. Or in newer Mac OS X, nicl means you don’t have to launch NetInfo.

Of course, if you give physical access to the computer without a Firmware password, then the ‘attacker’ may as well just boot from external media and do whatever they want from there. But the solution, as well as setting the Firmware password, is to edit the /etc/ttys file, change the line:

console "/System/Library/CoreServices/" vt100 on secure onoption="/usr/libexec/getty std.9600"


console "/System/Library/CoreServices/" vt100 on onoption="/usr/libexec/getty std.9600"

Now the root password is required in single-user mode (as the console is no longer considered a secure terminal).

posted by Graham Lee at 23:04  

No Comments »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a comment

Powered by WordPress