LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices



Reply
 
Search this Thread
Old 04-13-2004, 09:55 AM   #1
feetyouwell
Member
 
Registered: Dec 2003
Location: NC, US
Distribution: Novell Linux Eval (2.6.5)
Posts: 240

Rep: Reputation: 30
panther security hole???


In the default setting of apple os 10.3, at the start up, if you press command + s, then it login you into a terminal session automatically as ROOT!!!!!!!!!! (just let you know, when i was in the netinfo, it tells me the root is DISABLED)
How do you fix that?
Also, in the netinfo, you can't see people's encrypted passwd, where can you go and get that?
thanks
 
Old 04-13-2004, 01:00 PM   #2
Jim.DiGriz
LQ Newbie
 
Registered: Apr 2004
Location: Tulsa, Oklahoma
Distribution: Slackware 9.1,RedHat 9, Fedora Core 1, Fedora Core 2, Redhat Enterprise Linux AS v. 3, Mac OS 10.3.3
Posts: 16

Rep: Reputation: 0
http://www.macosxhints.com/article.p...01217230925152

See the discussion in this thread about the difficulties of securing a box an attacker has extended physical access to.

What they suggest is use the Open firmware password utility found at Apple's site to disable booting in single user mode, which is what you're doing with the command-s. However as they state, if you forget THAT password you're screwed, as of course, you won't be able to zap the PRAM anymore, or boot in single user mode, or any number of other things, which could be problematic.

See also some of the links like Open Firmware: Password Not Recognized When It Contains the Letter "U"

and Open Firmware: Password Not Recognized When Using Keyboard Layout Other Than U.S.
 
Old 04-13-2004, 04:50 PM   #3
feetyouwell
Member
 
Registered: Dec 2003
Location: NC, US
Distribution: Novell Linux Eval (2.6.5)
Posts: 240

Original Poster
Rep: Reputation: 30
uh-ha, apple should fix this, in my opinion. Otherwise, whoever has to maintain a mac lab with several "smart" students is going to have heck of a time to keep the machines up.

Questiono you know any command line tools to create / manage users in panther?

Also an interesting phoenomena,

When i first using panther (with root disabled by default), i can't do ">console" at login window, after i enabled root, ">console" is enabled as well.
 
Old 04-13-2004, 05:52 PM   #4
mcleodnine
Senior Member
 
Registered: May 2001
Location: Left Coast - Canada
Distribution: s l a c k w a r e
Posts: 2,731

Rep: Reputation: 45
moved to the General forum.
 
Old 04-13-2004, 07:15 PM   #5
witeshark
Member
 
Registered: Jan 2004
Location: Miami FL
Distribution: Mac OS X 10.4.11 Ubuntu 12.04 LTS
Posts: 429

Rep: Reputation: 30
It would be weird if the last security updates didn't cover that
 
Old 04-19-2004, 11:03 AM   #6
Jim.DiGriz
LQ Newbie
 
Registered: Apr 2004
Location: Tulsa, Oklahoma
Distribution: Slackware 9.1,RedHat 9, Fedora Core 1, Fedora Core 2, Redhat Enterprise Linux AS v. 3, Mac OS 10.3.3
Posts: 16

Rep: Reputation: 0
For those command line tools for OSX see http://www.osxgnu.org.

And best of luck, because Windows Mac or Linux, maintaining a lab for a group of motivated "smart" students is going to be a security challenge deluxe. I definitely recommend bios passwords, bootloader passwords, and ready-to-go system images all around.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
find security hole... os2 Linux - Security 5 10-14-2005 12:16 AM
check the security hole ust Linux - Security 6 09-10-2004 06:42 PM
security hole or convenience? carboncopy Slackware 3 08-13-2003 04:07 AM
Security Hole -Samba dvong3 Linux - Security 1 03-21-2003 03:38 PM
Security Hole in PHP 4.3.0 Crashed_Again Linux - Security 1 03-01-2003 04:29 PM


All times are GMT -5. The time now is 03:15 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration