Password Vulnerability in new OS X Versions?

zpincus

Registered
OK, so I've been reading all about build 4K17, in which the root password is NOT the same as the password you type in.

In fact, the only way to get root access is to open NetInfoManager, and forcibly delete the encrypted root password and paste in a copy of the encrypted (but known) admin password.

This immediately brings to my mind two major concerns.

1) What is the original root password? Please tell me it is something randomly generated, or perhaps a permutation of the admin password. Please do not tell me that there is a "default" root password for all installs. This would be the worst thing in the world, ever.

2) The fact that anyone with admin access can easily gain root access (via the above method; this has been a problem since PB, at least) is also a terrible idea. Many networked environments, especially educational facilities, have boatloads of people who support the computers and often have wheel accounts (admin status) but should not have root access. All other UNIX-ish OSs that I know of have a firm boundary drawn between wheel and root -- this bug/feature of NetInfoManager is really worrisome.

Anyone with 4K17 want to reinstall a couple of times, typing in different "first passwords" and checking how (if at all) the encrypted text of the root password changes? (heh... I didn't think so). Any other ideas/comments?

Zach
 

hELLO wORLD

Registered
In the 4K17 build, the encrypted Root password in NetInfoManager is "*".
I think there is no password, and no way to access the Root account unless an Admin chooses one.

And about all admin access, I can't give you the answer, but the "installer guy" should be able to set up NetInfo to block Root access for certain admins... (I hope... Lol)
 

scruffy

Notorious Olive Counter
Didn't someone around here say that if OS X came without a proper root account, that Apple should change their motto to "We think you are too stupid to trust you with your own computer"?

Well, it wasn't me, but whoever said it had some hefty insight...
 

strobe

Puny Member
scruffy, the truth is even the 'expert' will screw up if he logs in as root, when you make files which litter all over the place as root it screws it up for other users. Look at all the people who have logged in as root then moved a file in the Applications folder.

If you want to avoid typing in root access passwords all the time you should lobby for keychain support whereby you may store your root access password in the keychain which will remain unlocked so long as you're at your computer physically, just like how keychain is supposed to be used.

If you really want to access root I suggest the only method needed is using su which any 'expert' knows about already.

Being able to login as root from the console is just asking for trouble which translates into excessive tech support calls.
 

scruffy

Notorious Olive Counter
Experts do not make files all over the place that litter the place up. Anyone who does so is not an expert but a moron. Anyway, I agree with you that most of what you need to do can be done with su, although it is at times more convenient to log in as root.

The point here is that it seemed there was no way at all of setting a root password at all. That is, a Unix computer with no root password. No su, no console login, no ssh login, nothing. No root access at all. So even the expert cannot "sudo vi /etc/rc.common" or whatever.

Anyway, that is not the case. As pointed out in another discussion on this site, setting the root password is a separate part of the installation, and one that you can apparently skip. If you do skip it, then there is presumably no root access at all.
 

jove

Member
Hello,
My three cents -

I have many times logged in as root and, yes strobe, did things from the UI. Root user power and UI ease are not mutually exclusive. I avoid the command line - call me a Mac user.

Apple has the right idea to hide the root user. It isn't a matter of trust or a matter of user idiocy. Unix security exists to protect the computer from malicious software/users. If Apple broadcasts the use of root and makes it too accessible - end users may not understand the implications.

Anyway the OS files are Apple's prerogative. Did we have access to the old ROMs? It is important that Apple leaves enough hooks. If Apple leaves an avenue for us blundering "experts" to access root, so much the better.

Jove
 

strobe

Puny Member
There is root access, just use the same password you use as an admin.

You clearly don't understand the pure folly it would be to login as root. You can't help but screw up the system as root because the Finder is being run as root. I don't give a flip if you consider yourself an expert or not, only an OS X 'moron' would login as root.

Just use su or sudo with your regular admin password.
 

jove

Member
Strobe,

I do not understand why you insist the only smart use of root is from the command line or not at all? When I am doing the moronic activity of hacking the system on my computer I would rather use UI services over the command line.

I agree that Apple should make the Root user not easily accessed. But why just the command line?

Jove

 

devinci

Registered
Aaaahh

I'm not sure which build I have, I haven't even checked. Sorry for not being die-hard macosx enough.

I haven't used macosX public beta yet since it's useless at the level.

But I discover that root password is the same as the first user password. Upon installing MacOSX public beta for the first time, it will prompt you for this info.

When the login window comes up, I enter root, login, using the same password I was asked for... then immediately, run the terminal, and from there run password, set a new root password. Log out, and then log back in as the user.

This works for me. My problem now is to get it to a minimal usable state as my Linux and OpenBSD counterparts. Can't seem to compile a whole lot of source code out there. Well at least it looks good. Until Apple narrows that gap to FreeBSD, I'll have to rely on some die-hard coder to port FreeBSD src for me. :(

 

strobe

Puny Member
Originally posted by jove
Strobe,

I do not understand why you insist the only smart use of root is from the command line or not at all? When I am doing the moronic activity of hacking the system on my computer I would rather use UI services over the command line.

I agree that Apple should make the Root user not easily accessed. But why just the command line?

Jove

Because you'll screw up UNIX privileges.

The Finder reads and writes a lot of files. If you run it as root you'll screw up your system. Just run it as any admin user and you can alter most things, those you cannot you have the sudo command at your disposal.

Just don't run the Finder as root.
 

zpincus

Registered
And don't forget Pseudo, which can "sudo" any graphical app without recourse to the CLI, if that's your bag.

(Note... strobe makes a very important point... do not pseudo desktop.app! Some people have had success with it, but for me, it did what strobe described, wreaking havoc on everything it touched...)

Zach
 

devinci

Registered
I can understand the many issues upon having finder run as root... also with other things running as root.

Best bet, if you're a REAL hacker trying to hack the system as you please, then you also understand all the risk and consequences of it. Part of it is screwing up your system to a totally usable and corrupted state. If you understand this and won't cry if it does happen, go ahead and knock your socks off. Have a lot of fun too. That's one way to really learn the ins and outs of an o/s. I hope you're not doing it to a production system. I usually have a spare "beta" system to use as root that won't affect my work should I f**K it up. :)

The rest of us (from experience, of course) are wise enough to know NEVER to log in as root on a production system. When you log in as root, you are god of that system. The system may not warn you and stop you from corrupting your o/s. Any binary with a bug running as root. *ouch*.

Bottom line. Run as root if you want. AS LONG as you understand all the consequences. If you're just messing around to learn a few things on a "play" system, no problem. Just remember to have them backup cds ready when you need to reload the system. :)

As for limiting commandline to root... I'm not sure about that. I'll have to look into it. I know in other UNIX flavors (Linux, IRIX) whenever I need to do administration, there are GUIs that let me do it as a user. It will prompt me each time for the admin pw. MacOS X may have this?

Also, *IF* I really need something as root, I can "su -" into root, and manually launch the app from command line that will bring up the GUI in X11. I'm sure you can do something like that in MacOSX. Look into it.
 

rharder

Do not read this sign.
resedit, I wouldn't be proud of that.

To all: Minimizing root's footprint by using su or sudo is a matter of good security practice. Sure you could login as root every day to email grandma. Sure you could rearrange your Applications folder as root.

Root will trip you up. No pun intended. Well, maybe a little.

It doesn't matter how smart an OS power user you are. Running complex apps (like GUI apps) as root has problems outside your control.

How many of you remember the SGI's Irix color control panel that ran as setuid=0 (root) for any user? You could load a Color LookUp Table (CLUT). Nice. You could also load and read any file on the entire system. Not nice. This didn't even require a user to log in as root, but it gives you an idea of the unintended consequences possible with the power of root.

I'll say it again: minimizing root's footprint is a good practice. It's your computer, so you can risk it if you want, but every *nix user in the world will say, "What an idiot," when someone reports that a website went down or archives get cracked because someone was surfing the web as root.

-Rob
 

strobe

Puny Member
I don't understand why people wouldn't just use sudo or sudo -s

For the record I changed the owner of my Applications folder to my admin user. This is fine to do so long as you don't do the same to /Library/ or /System/.

The only time I have ever wanted the Finder to have root is if I needed to copy a forked file to /library in which case I use /Developer/Tools/CpMac

In my opinion the Finder should just ask for a password when something requiring root is asked of it. Maybe if we all beg Apple for this feature.
 

rharder

Do not read this sign.
Oh yeah, kinda like when you need to Click the Lock to make admin changes. That would be nice to have the Finder prompt you when you did something that required it, and it would scare the heck out of people who didn't know better, and hopefully they wouldn't try it again.

Maybe scaring people is a bad idea, but I'd still like to see the feature somehow implemented.

-Rob
 

iconara

Registered


I find myself having to resort to doing things as root when handling my system. It is a rather schizoid system running both X and 9 (for DVD, DivX, Video and CD-burning). However, I try to limit my use of the harddrive to the directory "Mac OS 9" when using Mac OS 9, yet sometimes this is not enough.

When rebooting in Mac OS X I find files and directories like "Desktop Folder", "VM Storage" and "TheVolumeSettingsFolder". These often have strange permissions and creators, sometimes it is root, sometimes my user, commonly in the "unknown" group. To remove these it is usually just to delete them as my (admin)user, but sometimes I don't have the right access privileges. Even if the file is created by me. So I go to the command line and do some rm -f magic on them and they go away - or they give me a message saying that I don't have the right permissions - still. Then I use sudo or su, then they usually go away. If they do not I am forced to log in as root in the GUI and delete them. This usually works. There are however files that can't be deleted even by root, but they are usually deletable if I chown them.

It is confusing, the root/admin user bit. I feel as if my admin is no admin and that the root is crippled when in the GUI.

A final reflection: by default in 4K78, the root password is "*", this means FORBIDDEN, in capitals. I'd guess it's probably the only *NIX system installed without a root user.

Theo Hultberg/Iconara
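
Added example, not part of any post in this thread: a shell check that classifies the uid-0 record in passwd-format input, covering the two root states raised above (root carrying a copy of the admin's hash, as in zpincus's first post, and the "*" entry reported by hELLO wORLD and iconara). The record layout, account names and hash strings are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): classify the uid-0 record in
# passwd-format input. Assumed layout: name:hash:uid:... per line, as in
# master.passwd-style dumps (for example the output of `nidump passwd .`).

audit_root() {
    awk -F: '
        /^#/ || NF < 3 { next }            # skip comments and short lines
        $3 == 0 { root_hash = $2; have_root = 1; next }
        { hash_of[$1] = $2 }               # every non-root account
        END {
            if (!have_root)      { print "NO_UID0_RECORD"; exit }
            if (root_hash == "") { print "ROOT_EMPTY_PASSWORD"; exit }
            # "*" can never equal a crypt() result, so no password matches
            if (substr(root_hash, 1, 1) == "*") { print "ROOT_LOCKED"; exit }
            for (u in hash_of)
                if (hash_of[u] == root_hash) {
                    print "ROOT_SHARES_HASH_WITH " u
                    shared = 1
                }
            if (!shared) print "ROOT_DISTINCT_HASH"
        }
    ' | sort
}

# Constructed sample: root left at "*" by the installer.
sample_locked() {
cat <<'EOF'
root:*:0:0::0:0:System Administrator:/var/root:/bin/tcsh
admin:AAconstructed01:501:20::0:0:Admin User:/Users/admin:/bin/tcsh
EOF
}

# Constructed sample: the admin hash pasted into the root record.
sample_shared() {
cat <<'EOF'
root:AAconstructed01:0:0::0:0:System Administrator:/var/root:/bin/tcsh
admin:AAconstructed01:501:20::0:0:Admin User:/Users/admin:/bin/tcsh
guest:BBconstructed02:502:20::0:0:Guest:/Users/guest:/bin/tcsh
EOF
}

echo "locked sample: $(sample_locked | audit_root)"
echo "shared sample: $(sample_shared | audit_root)"
```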
 

strobe

Puny Member
If you can't delete a file as root then you probably have the immutable bit set.

man chflags
 