Unix/Linux Go Back    


OS X (Apple) OS X is a line of Unix-based graphical operating systems developed, marketed, and sold by Apple.

If you run macOS High Sierra version 10.13.1, be sure to install today's update.

OS X (Apple)


Tags
apple, macos, osx

Reply    
 
Thread Tools Search this Thread Display Modes
    #1  
Old Unix and Linux 11-29-2017   -   Original Discussion by Don Cragun
Don Cragun's Unix or Linux Image
Don Cragun Don Cragun is offline Forum Staff  
Administrator
 
Join Date: Jul 2012
Last Activity: 22 May 2018, 6:14 AM EDT
Location: San Jose, CA, USA
Posts: 11,300
Thanks: 633
Thanked 3,932 Times in 3,365 Posts
If you run macOS High Sierra version 10.13.1, be sure to install today's update.

Some hackers found a security hole in macOS High Sierra and tweeted it to the world before telling Apple about the problem. You can see the details from PC Magazine's daily news here: Apple Releases Fix for MacOS High Sierra 'Root' Bug. The original story this morning was published before a patch was available from Apple.
The Following 3 Users Say Thank You to Don Cragun For This Useful Post:
drl (11-30-2017), vbe (11-30-2017), wisecracker (11-30-2017)
Sponsored Links
    #2  
Old Unix and Linux 11-30-2017   -   Original Discussion by Don Cragun
Neo's Unix or Linux Image
Neo Neo is offline Forum Staff  
Administrator
 
Join Date: Sep 2000
Last Activity: 21 May 2018, 9:52 PM EDT
Location: Asia pacific region
Posts: 14,368
Thanks: 994
Thanked 1,369 Times in 652 Posts
Yeah, I wonder why most people do not set the root passwd on their OSX (macOS) machines. I guess most users do not work on the command line when using OSX (macOS)?

One simple fix, I read on the net, was to simply have a root passwd (which I have already, of course) ..... but anyway, I installed the update yesterday on all my Macs.
The Following User Says Thank You to Neo For This Useful Post:
wisecracker (11-30-2017)
Sponsored Links
    #3  
Old Unix and Linux 11-30-2017   -   Original Discussion by Don Cragun
wisecracker's Unix or Linux Image
wisecracker wisecracker is offline
Registered User
 
Join Date: Jan 2013
Last Activity: 19 May 2018, 3:23 PM EDT
Location: Loughborough
Posts: 1,261
Thanks: 377
Thanked 338 Times in 265 Posts
I run all my machines as a non-admin user so therefore I should be relatively safe. I re-boot to go into admin user mode instead of logging out from non-admin and logging back in to admin mode.

Don, thanks for the heads up...
    #4  
Old Unix and Linux 11-30-2017   -   Original Discussion by Don Cragun
Neo's Unix or Linux Image
Neo Neo is offline Forum Staff  
Administrator
 
Join Date: Sep 2000
Last Activity: 21 May 2018, 9:52 PM EDT
Location: Asia pacific region
Posts: 14,368
Thanks: 994
Thanked 1,369 Times in 652 Posts
Quote:
Originally Posted by wisecracker View Post
I run all my machines as a non-admin user so therefore I should be relatively safe. I re-boot to go into admin user mode instead of logging out from non-admin and logging back in to admin mode.
Actually, even as a non-admin users, you can open a terminal and su to root.

Also, I also run macOS as a non-admin user; but when you install a new upgrade, etc the system will ask for your admin passwd.

Basically, everyone should have a root password on macOS even though they do not run as admin. If all users set a root password, then the update would not have been necessary, according to what I read when I dug into the details. The issue, or so it seems, is that many or many most macOS users seem to rarely work on the console and do all their work via the Mac GUI.
The Following User Says Thank You to Neo For This Useful Post:
wisecracker (12-01-2017)
Sponsored Links
    #5  
Old Unix and Linux 11-30-2017   -   Original Discussion by Don Cragun
Scott's Unix or Linux Image
Scott Scott is offline Forum Staff  
Administrator
 
Join Date: Jun 2009
Last Activity: 20 May 2018, 3:57 AM EDT
Posts: 9,060
Thanks: 398
Thanked 1,279 Times in 1,082 Posts
What a howler of a bug!

I don't remember if I ever even set the root password, I use root so infrequently, and only with sudo. It's a bit silly that they don't enforce that it is set.

My machines were both automatically updated by the time I got up this morning, no action required.
Sponsored Links
    #6  
Old Unix and Linux 11-30-2017   -   Original Discussion by Don Cragun
drl's Unix or Linux Image
drl drl is offline Forum Advisor  
Registered Voter
 
Join Date: Apr 2007
Last Activity: 21 May 2018, 12:52 PM EDT
Location: Saint Paul, MN USA / BSD, CentOS, Debian, OS X, Solaris
Posts: 2,223
Thanks: 260
Thanked 420 Times in 361 Posts
Hi.

The macOS box I use is not physically accessible to anyone else. I was concerned that ssh access might allow the bug, so I tried it, and I failed to gain access.

In addition, have a root password, so I was not concerned about the bug, but it leaves me a little less trusting of Apple ... cheers, drl


Code:
OS, ker|rel, machine: Apple/BSD, Darwin 17.2.0, x86_64
Distribution        : macOS 10.13.1 (17B1003), High Sierra

Sponsored Links
    #7  
Old Unix and Linux 12-01-2017   -   Original Discussion by Don Cragun
wisecracker's Unix or Linux Image
wisecracker wisecracker is offline
Registered User
 
Join Date: Jan 2013
Last Activity: 19 May 2018, 3:23 PM EDT
Location: Loughborough
Posts: 1,261
Thanks: 377
Thanked 338 Times in 265 Posts
Quote:
Originally Posted by Neo View Post
Actually, even as a non-admin users, you can open a terminal and su to root.

Also, I also run macOS as a non-admin user; but when you install a new upgrade, etc the system will ask for your admin passwd.

Basically, everyone should have a root password on macOS even though they do not run as admin. If all users set a root password, then the update would not have been necessary, according to what I read when I dug into the details. The issue, or so it seems, is that many or many most macOS users seem to rarely work on the console and do all their work via the Mac GUI.
Well I have tried using both sudo -s and su ladmin in non-admin mode and neither give me access...
OSX 10.13.0, not updated this machine yet, the iMac is done.


Code:
Last login: Fri Dec  1 17:42:33 on ttys000
AMIGA:amiga~> sudo -s
Password:
Sorry, try again.
Password:
amiga is not in the sudoers file.  This incident will be reported.
AMIGA:amiga~> 
AMIGA:amiga~> su ladmin
Password:
su: Sorry
AMIGA:amiga~> su ladmin
Password:
su: Sorry
AMIGA:amiga~> _

Sponsored Links
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Linux More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
Capture power button press on MacOs High Sierra? xedge UNIX for Beginners Questions & Answers 0 10-12-2017 05:04 PM
After update Solaris version, HBA driver still need to install? SmartAntz Solaris 1 02-25-2010 03:08 AM



All times are GMT -4. The time now is 09:50 AM.