Unix/Linux Go Back    


OS X (Apple) OS X is a line of Unix-based graphical operating systems developed, marketed, and sold by Apple.

If you run macOS High Sierra version 10.13.1, be sure to install today's update.

OS X (Apple)


Tags
apple, macos, osx

Reply    
 
Thread Tools Search this Thread Display Modes
    #1  
Old Unix and Linux 1 Week Ago   -   Original Discussion by Don Cragun
Don Cragun's Unix or Linux Image
Don Cragun Don Cragun is offline Forum Staff  
Administrator
 
Join Date: Jul 2012
Last Activity: 12 December 2017, 6:43 AM EST
Location: San Jose, CA, USA
Posts: 10,769
Thanks: 590
Thanked 3,769 Times in 3,217 Posts
If you run macOS High Sierra version 10.13.1, be sure to install today's update.

Some hackers found a security hole in macOS High Sierra and tweeted it to the world before telling Apple about the problem. You can see the details from PC Magazine's daily news here: Apple Releases Fix for MacOS High Sierra 'Root' Bug. The original story this morning was published before a patch was available from Apple.
The Following 3 Users Say Thank You to Don Cragun For This Useful Post:
drl (1 Week Ago), vbe (1 Week Ago), wisecracker (1 Week Ago)
Sponsored Links
    #2  
Old Unix and Linux 1 Week Ago   -   Original Discussion by Don Cragun
Neo's Unix or Linux Image
Neo Neo is online now Forum Staff  
Administrator
 
Join Date: Sep 2000
Last Activity: 12 December 2017, 9:05 AM EST
Location: Asia pacific region
Posts: 14,086
Thanks: 932
Thanked 1,270 Times in 608 Posts
Yeah, I wonder why most people do not set the root passwd on their OSX (macOS) machines. I guess most users do not work on the command line when using OSX (macOS)?

One simple fix, I read on the net, was to simply have a root passwd (which I have already, of course) ..... but anyway, I installed the update yesterday on all my Macs.
The Following User Says Thank You to Neo For This Useful Post:
wisecracker (1 Week Ago)
Sponsored Links
    #3  
Old Unix and Linux 1 Week Ago   -   Original Discussion by Don Cragun
wisecracker's Unix or Linux Image
wisecracker wisecracker is offline
Registered User
 
Join Date: Jan 2013
Last Activity: 11 December 2017, 5:48 PM EST
Location: Loughborough
Posts: 1,230
Thanks: 371
Thanked 325 Times in 255 Posts
I run all my machines as a non-admin user so therefore I should be relatively safe. I re-boot to go into admin user mode instead of logging out from non-admin and logging back in to admin mode.

Don, thanks for the heads up...
    #4  
Old Unix and Linux 1 Week Ago   -   Original Discussion by Don Cragun
Neo's Unix or Linux Image
Neo Neo is online now Forum Staff  
Administrator
 
Join Date: Sep 2000
Last Activity: 12 December 2017, 9:05 AM EST
Location: Asia pacific region
Posts: 14,086
Thanks: 932
Thanked 1,270 Times in 608 Posts
Quote:
Originally Posted by wisecracker View Post
I run all my machines as a non-admin user so therefore I should be relatively safe. I re-boot to go into admin user mode instead of logging out from non-admin and logging back in to admin mode.
Actually, even as a non-admin users, you can open a terminal and su to root.

Also, I also run macOS as a non-admin user; but when you install a new upgrade, etc the system will ask for your admin passwd.

Basically, everyone should have a root password on macOS even though they do not run as admin. If all users set a root password, then the update would not have been necessary, according to what I read when I dug into the details. The issue, or so it seems, is that many or many most macOS users seem to rarely work on the console and do all their work via the Mac GUI.
The Following User Says Thank You to Neo For This Useful Post:
wisecracker (1 Week Ago)
Sponsored Links
    #5  
Old Unix and Linux 1 Week Ago   -   Original Discussion by Don Cragun
Scott's Unix or Linux Image
Scott Scott is offline Forum Staff  
Administrator
 
Join Date: Jun 2009
Last Activity: 9 December 2017, 8:47 PM EST
Posts: 8,945
Thanks: 380
Thanked 1,238 Times in 1,052 Posts
What a howler of a bug!

I don't remember if I ever even set the root password, I use root so infrequently, and only with sudo. It's a bit silly that they don't enforce that it is set.

My machines were both automatically updated by the time I got up this morning, no action required.
Sponsored Links
    #6  
Old Unix and Linux 1 Week Ago   -   Original Discussion by Don Cragun
drl's Unix or Linux Image
drl drl is online now Forum Advisor  
Registered Voter
 
Join Date: Apr 2007
Last Activity: 12 December 2017, 9:08 AM EST
Location: Saint Paul, MN USA / BSD, CentOS, Debian, OS X, Solaris
Posts: 2,212
Thanks: 250
Thanked 417 Times in 358 Posts
Hi.

The macOS box I use is not physically accessible to anyone else. I was concerned that ssh access might allow the bug, so I tried it, and I failed to gain access.

In addition, have a root password, so I was not concerned about the bug, but it leaves me a little less trusting of Apple ... cheers, drl

Code:
OS, ker|rel, machine: Apple/BSD, Darwin 17.2.0, x86_64
Distribution        : macOS 10.13.1 (17B1003), High Sierra

Sponsored Links
    #7  
Old Unix and Linux 1 Week Ago   -   Original Discussion by Don Cragun
wisecracker's Unix or Linux Image
wisecracker wisecracker is offline
Registered User
 
Join Date: Jan 2013
Last Activity: 11 December 2017, 5:48 PM EST
Location: Loughborough
Posts: 1,230
Thanks: 371
Thanked 325 Times in 255 Posts
Quote:
Originally Posted by Neo View Post
Actually, even as a non-admin users, you can open a terminal and su to root.

Also, I also run macOS as a non-admin user; but when you install a new upgrade, etc the system will ask for your admin passwd.

Basically, everyone should have a root password on macOS even though they do not run as admin. If all users set a root password, then the update would not have been necessary, according to what I read when I dug into the details. The issue, or so it seems, is that many or many most macOS users seem to rarely work on the console and do all their work via the Mac GUI.
Well I have tried using both sudo -s and su ladmin in non-admin mode and neither give me access...
OSX 10.13.0, not updated this machine yet, the iMac is done.

Code:
Last login: Fri Dec  1 17:42:33 on ttys000
AMIGA:amiga~> sudo -s
Password:
Sorry, try again.
Password:
amiga is not in the sudoers file.  This incident will be reported.
AMIGA:amiga~> 
AMIGA:amiga~> su ladmin
Password:
su: Sorry
AMIGA:amiga~> su ladmin
Password:
su: Sorry
AMIGA:amiga~> _

Sponsored Links
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Linux More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
Capture power button press on MacOs High Sierra? xedge UNIX for Beginners Questions & Answers 0 10-12-2017 06:04 PM
After update Solaris version, HBA driver still need to install? SmartAntz Solaris 1 02-25-2010 04:08 AM



All times are GMT -4. The time now is 10:09 AM.