Old news

So the Inquirer thinks they’ve got a hot potato on their hands, with this “security flaw” in OS X. I’ve been using this approach for years (like, since NeXTSTEP): boot into single-user and launch NetInfo manually, then passwd root. Or in newer Mac OS X, nicl means you don’t have to launch NetInfo.

Of course, if you give physical access to the computer without a Firmware password, then the ‘attacker’ may as well just boot from external media and do whatever they want from there. But the solution, as well as setting the Firmware password, is to edit the /etc/ttys file, change the line:


console "/System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow" vt100 on secure onoption="/usr/libexec/getty std.9600"

to:


console "/System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow" vt100 on onoption="/usr/libexec/getty std.9600"

Now the root password is required in single-user mode (as the console is no longer considered a secure terminal).

This entry was posted in darwin. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.