OS X has root:
$ ls -ld /var
lrwxr-xr-x 1 root admin 11 Aug 11 2006 /var -> private/var
$ ls -l /private
total 0
drwxr-xr-x 107 root wheel 3638 Oct 2 21:25 etc
drwxr-xr-x 3 root wheel 102 Aug 1 2006 tftpboot
drwxrwxrwt 22 root wheel 748 Oct 27 18:23 tmp
drwxrwxrwt 4 root wheel 136 Mar 12 2007 tmp 2
drwxr-xr-x 26 root wheel 884 Oct 27 10:03 var
$ # run from Tiger
Oh and here's nice security: boot a Mac and hit Command+S while
booting (before the Apple logo/Happy Mac) and you're root. No
password required.
On Oct 27, 2007, at 6:20 PM, don bailey wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
clearly, you're not getting an account on my machine.
This goes back to the typical MacOSX argument:
"If I have MacOSX laptop and you compromise my local
account, it doesn't matter because you haven't
gotten root, right?"
Of course, this isn't true because all your data is owned
by your user credentials. If someone compromises a single
user laptop they don't need root or any other super user
semantic. Being you compromises all the information
necessary to hurt you: banking information, SSN, credit
card info, e-mail logins, locally stored files, etc...
I'd say that's enough of a problem. Even Plan 9's well
designed authentication domains don't properly mitigate
the issue of the local account being compromised.
D
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHI7mryWX0NBMJYAcRAmSjAKCWXuQeAO7mTXKlwChpRYb1BDV0eQCeJn2t
1gCP7bJWlAofxI4Ta4oZeig=
=f3q/
-----END PGP SIGNATURE-----
