Of course this isn't very different from any Unix box, where physical access allows full access if you have the right floppy/CD tools.
In the end it will be dependent on how Apple markets their new Unix-based machines/OS and differentiating servers from enduser boxes. They could get a lot of bad press when Joe Mac-user complains about how his workstation got hacked because he left it running overnight.
I also wonder how hack-proof Mac OS-X servers will be to remote hackers of BSD systems. As far as I know, no one (the US Army included, after they went to Mac front-ends) has hacked a Mac OS 7,8,9 server remotely. Even with large rewards offered, including Mac software engineers.
P.S. Frankly I see a great advantage to us Mac users who need to deploy OS X but who don't know or remember much about Unix (like me) and know that if all else fails, they can boot it up with OS 9 and do whatever they want--including shooting ourselves in the foot! (Hey let's face it, unlike the Technocrats on Technocracy, the majority of the world out there consists of the "Joe Nocursor" -- brought to you courtesy of the ubiquitous MS OSes as they continue to populate the world.)
Jerry Hargis wrote:
Although I know that the Mac OS is of limited interest to the majority of the members, I thought this was at least thought provoking. The following notes were taken from a technology column (Ask Al) on the Alsoft web site.
Mac OS X
What type of access controls does Mac OS X have for files and folders?
Mac OS X inherits UNIX file and folder access controls which are similar to those offered by AppleShare. Using these access controls you can determine which users can execute which applications and which users can view and/or modify which files and folders.
Under Mac OS X, every user must log in with a password (although it's possible to log in automatically if you want to treat your Mac as a single user computer). Access controls are tied to individual users and groups of users. New files and folders are assigned default access permissions when they are created.
The creator of a file or folder is known as the owner and can later widen or narrow the default permissions assigned to it. The owner can change access to a file or folder by assigning it to a particular user (who becomes the new owner) and/or a particular group and then assigning read, write and execute permission to each. There are an additional set of permissions that can be assigned for all other users.
Mac OS X
Can you defeat the file and folder access controls of Mac OS X by starting from a different disk?
Mac OS X implements UNIX file and folder access controls. If you start a Mac running Mac OS X from a different disk, you can easily bypass these access controls. Let's say you start up from a Mac OS 9 CD. Mac OS 9 knows how to access an HFS Plus disk, but it completely ignores any file ownership and access privileges that you might have set up.
UNIX file and folder access controls work best on remote users. To ensure the security of your files you'll need to prevent someone from restarting your Mac. You can either prevent physical access to your Mac or modify it in some way to prevent restarting from another disk.