| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 31 Oct 2003 16:26:48 -0500 (EST) From: Jason Storm <jms@...ergun.org> To: bugtraq@...urityfocus.com Subject: Console Root On OSX up to 10.2.8 On all versions of OSX up to and including 10.2.7 and possibly 10.2.8, init can be crashed using a USB keyboard by holding down CTRL-C immediately after boot, and keeping it held down. Init crashes two or three minutes into the boot process and drops you into a root shell. At this point, you can of course modify the file system, or selectively run components of the rc scripts to bring up full OSX functionality without the GUI layer, which will demand a root password and lock you out once its spawned successfully. The 'exploit' is dependant on a USB keyboard being used; it wont work on a powerbook without a USB keyboard attached, for example. This was originally reported to Apple in 1998, and I was informed that this was an 'internal development feature' that would be removed. Three years later I reported this 'internal development feature' again, and received no reply at all. Now that Panther is out and this 'internal development feature' appears to be resolved (no doubt thanks to the massive reworking of OSX USB code), I see no reason not to give people a good reason to upgrade by releasing this info.. peace and blessings, -Jason Storm "Only two things can stop an orgy.. and thats dawn, or a bigger orgy across town."
Powered by blists - more mailing lists