June 1, 2010

Really, Apple?

Apple just showed themselves to be a bit lame about security, at least on Mac OS X two years ago. Here's the story:

My sister had a MacBook to use for college when she was supposed to enroll in 2008. A few weeks later she got sick with her encephalitis, and had her remarkable recovery story.

Unfortunately, she didn't remember the root password she used for her laptop, and it wasn't any of her 'standards' (we'd tried them all). So while she could still use the computer via the auto-login function, she couldn't install or update software (since this requires an authorized user to enter their password). Regarding use of passwords, this was a stranger's computer.

This presented mild problems over the last few years, but this came to a fore last night: with a very outdated iTunes, she couldn't sync her iPhone on her laptop while a summer student at Columbia's School for Continuing Education. This is on top of using and outdated and insecure OS, being unable to install new software...

So I googled "recover lost root password Mac OS X," and lo and behold, the instructions I found worked!

This should not happen. I shouldn't be able to set or reset root passwords with physical access to a stranger's computer. Below is the fix, in both technical terms and non-technical metaphor terms, for the curious:

Technical: Holding Command-S on startup allows you to run in single-user mode, as root. So a simple mount -uw / followed by passwd root allowed me to set the password of user 'root' to letmein. Then I reboot, and log into Mac OS X normally with admin privileges as user root.

Non-technical Metaphor: Suppose you're building is guarded by a lazy doorman. He has a list with all the tenants in the building, but when you walk up to him, you notice he just looks at the placards on the mailboxes. I effectively scribbled 'root' on a postcard, taped it to a mailbox, and walked up to the guard the next day and said "My name is root!" Seeing it written on a mailbox, he let me in and I changed the locks on a stranger's apartment.

While I haven't felt that elated in years (and saved my sister's computer from having its reset to disk factory settings, our best alternative), this is a major lame sauce from Apple.
, >> at
Tags ,

1 comment:

  1. UnknownJune 3, 2010 at 4:19 PM

    Even if they had blocked that route, if you had physical access, you can just use a live cd. Then you just mount all the partitions on the drive and do a chroot. Magically you're in! It's a technique I had to pick up for fixing broken installs, but it also works for the same issue.
    ~rm

    ReplyDelete

Subscribe to: Post Comments (Atom)