Re: Mac OS X security

  • From: "M.K. Chatterji" <chat@xxxxxxxxxxxxxxxxxxxxxx>
  • To: technocracy@xxxxxxxxxxxxxxxxx
  • Date: Tue, 18 Jul 2000 23:56:31 -0500


Of course this isn't very different from any Unix box, where physical access allows full access if you have the right floppy/CD tools.


In the end it will be dependent on how Apple markets their new Unix-based machines/OS and differentiating servers from enduser boxes. They could get a lot of bad press when Joe Mac-user complains about how his workstation got hacked because he left it running overnight.

I also wonder how hack-proof Mac OS-X servers will be to remote hackers of BSD systems. As far as I know, no one (the US Army included, after they went to Mac front-ends) has hacked a Mac OS 7,8,9 server remotely. Even with large rewards offered, including Mac software engineers.

-Chat


P.S. Frankly I see a great advantage to us Mac users who need to deploy OS X but who don't know or remember much about Unix (like me) and know that if all else fails, they can boot it up with OS 9 and do whatever they want--including shooting ourselves in the foot! (Hey let's face it, unlike the Technocrats on Technocracy, the majority of the world out there consists of the "Joe Nocursor" -- brought to you courtesy of the ubiquitous MS OSes as they continue to populate the world.)


Jerry Hargis wrote:

Although I know that the Mac OS is of limited interest to the majority
of the members, I thought this was at least thought provoking. The
following notes were taken from a technology column (Ask Al)  on the
Alsoft web site.





Subject

Mac OS X

Question

What type of access controls does Mac OS X have for files and folders?


Answer


Mac OS X inherits UNIX file and folder access controls which are
similar to those offered by AppleShare. Using these access controls you
can determine which users can execute which applications and which users
can view and/or modify which files and folders.

Under Mac OS X, every user must log in with a password (although it's
possible to log in automatically if you want to treat your Mac as a
single user computer). Access controls are tied to individual users and
groups of users. New files and folders are assigned default access
permissions when they are created.

The creator of a file or folder is known as the owner and can later
widen or narrow the default permissions assigned to it. The owner can
change access to a file or folder by assigning it to a particular user
(who becomes the new owner) and/or a particular group and then assigning
read, write and execute permission to each. There are an additional set
of permissions that can be assigned for all other users.



Subject

Mac OS X

Question

Can you defeat the file and folder access controls of Mac OS X by
starting from a different disk?

Answer

Mac OS X implements UNIX file and folder access controls. If you start
a Mac running Mac OS X from a different disk, you can easily bypass
these access controls. Let's say you start up from a Mac OS 9 CD. Mac OS
9 knows how to access an HFS Plus disk, but it completely ignores any
file ownership and access privileges that you might have set up.

UNIX file and folder access controls work best on remote users. To
ensure the security of your files you'll need to prevent someone from
restarting your Mac. You can either prevent physical access to your Mac
or modify it in some way to prevent restarting from another disk.


Other related posts: