CDs are dangerous
Nov. 10th, 2007 12:31 am
Public Service Announcement Shaming:
Reading how to reset the root password on a Mac led to this little tidbit:
What's that, Apple? Did you just say that if any idiot with a blank CD has physical access to my CD drive, they can root my machine?
I bet the Math Emporium people would find that interesting...
no subject
Date: 2007-11-10 05:40 pm (UTC)
no subject
Date: 2007-11-10 07:18 pm (UTC)
As stated, the only way to protect against this is to hardware encrypt the HDD.
no subject
Date: 2007-11-10 07:25 pm (UTC)
Obviously if you have physical access to a machine you can root it, there's no way around that, but at least make it harder than "boot off this easily-obtainable CD". Make it require a screwdriver. Make it where you can't do it without it being immediately obvious to whoever is guarding the machines that you're doing something you shouldn't.
no subject
Date: 2007-11-11 10:21 pm (UTC)
The passwords are stored using a known hashing algorithm in a known file using a known salt. The only way to keep someone from being able to overwrite the file is to use encryption to prevent access to it or the salt. Except then there's also the fact that hard drive file security is OS enforced, so if you're booting from an external OS, even if I can't overwrite the password files, I could replace a binary (or tag a line onto your .bashrc) that normally requires sudo-style privilege escalation (so as not to cause suspicion in the user) with one that roots the system. So to protect against that, you've basically got to encrypt every executable.
So now you have to type in a password every time you boot up. That doesn't sound like something the average Mac user wants to do. There's enough that dislike having to log in once, let alone twice. You could theoretically get your encryption password from the hardware, but then your hard drive is tied to your specific motherboard (no more bootable hard drives that you can use different places) and if the MB fails, then the hard drive is locked.
Then there's also the factor that hard drive encryption greatly increases the chance of irrecoverable hard drive corruption and system problems. So Apple has to weigh the combination of risk assessment between the potential cost to them of being disliked for being hackable via boot CD vs. the increased service costs of encryption, potential data loss, and increased consumer dislike of their product because it's gotten harder to use. Far more Mac users are concerned at the idea that someone could change their password than losing ease of use or data loss.
Then there's also the evaluation of what's actually valuable on your hard drive and what's worth fighting hard to protect. Your OS is next to worthless to an attacker or to you (if you lose it) - your user data is.
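One way to notice the kind of offline edit this comment describes (a line tagged onto .bashrc, a privileged helper swapped out while the OS was not running) is a file-integrity baseline: record a digest, size and permission bits for a set of watched files, keep that manifest somewhere the offline boot cannot rewrite, and compare on the next boot. The Python below is an added example, not code from this thread or from Apple; the watched paths, the manifest file and the helper name are hypothetical, and the sample files are constructed inside a temporary directory so it runs offline.

```python
import hashlib
import json
import os
import tempfile


def file_digest(path, chunk=65536):
    """SHA-256 of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(paths):
    """Record digest, size and permission bits for each existing watched path."""
    manifest = {}
    for p in paths:
        if not os.path.isfile(p):
            continue  # missing files show up as 'removed' on comparison
        st = os.stat(p)
        manifest[p] = {
            "sha256": file_digest(p),
            "size": st.st_size,
            "mode": oct(st.st_mode & 0o7777),  # includes setuid/setgid bits
        }
    return manifest


def compare_manifests(baseline, current):
    """Classify every watched path as modified, removed or added."""
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    removed = sorted(p for p in baseline if p not in current)
    added = sorted(p for p in current if p not in baseline)
    return {"modified": modified, "removed": removed, "added": added}


def save_manifest(manifest, dest):
    with open(dest, "w") as f:
        json.dump(manifest, f, indent=2, sort_keys=True)


def load_manifest(src):
    with open(src) as f:
        return json.load(f)


def demo():
    """Constructed scenario (hypothetical file names): baseline a shell rc file
    and a helper script, then simulate the two offline edits the comment names
    and return what the comparison reports, keyed by base name."""
    with tempfile.TemporaryDirectory() as d:
        rc = os.path.join(d, ".bashrc")
        helper = os.path.join(d, "helper")
        with open(rc, "w") as f:
            f.write("export PATH=$HOME/bin:$PATH\n")  # constructed content
        with open(helper, "wb") as f:
            f.write(b"#!/bin/sh\necho original helper\n")  # constructed content
        os.chmod(helper, 0o755)
        watched = [rc, helper]
        manifest_path = os.path.join(d, "manifest.json")
        save_manifest(build_manifest(watched), manifest_path)

        # Simulated offline changes: a line appended to the rc file and the
        # helper's contents and mode bits replaced.
        with open(rc, "a") as f:
            f.write("# constructed: an appended line\n")
        with open(helper, "wb") as f:
            f.write(b"#!/bin/sh\necho replaced helper\n")
        os.chmod(helper, 0o4755)  # a mode-only change would be flagged as well

        report = compare_manifests(load_manifest(manifest_path), build_manifest(watched))
        return {k: [os.path.basename(p) for p in v] for k, v in report.items()}


if __name__ == "__main__":
    print(demo())
```

The check is only as good as the place the manifest lives: a baseline sitting on the same unencrypted disk can be rewritten by the same boot CD, so it belongs off-host or under a signature the booted system cannot produce. That is the same point the comment makes about the password file, just moved one layer up.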
no subject
Date: 2007-11-11 10:55 pm (UTC)
no subject
Date: 2007-11-12 03:27 am (UTC)
A tidbit I forgot to tag on previously - most users are prolly more worried that if someone has physical access to their computer that they're going to steal it than root it.
no subject
Date: 2007-11-12 03:49 am (UTC)
There are places where there are lots of Macs and most people who use them are not root. One of these is the Math Emporium.
If you boot a Mac off of Knoppix and fiddle around with it, someone walking around watching you, like the people at the Math Emporium, will notice and stop you.
If you boot a Mac off its install disc, it still looks like a Mac unless you look closely, so people walking around watching you won't notice.
Thus, making it just a little bit harder would, in the specific case I mentioned, have a real security benefit.
Why is that so hard to comprehend?