Alternatives for outdated assembler (AS)?
René J.V. Bertin
rjvbertin at gmail.com
Fri Apr 10 10:37:53 PDT 2015
On Friday April 10 2015 13:13:22 Lawrence Velázquez wrote:
>> OT, this is a little troubling: "Hidden backdoor API to root
>> privileges in Apple OS X,"
>> https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/
I think I saw somewhere this is still something that requires physical access. I'm not sure I believe that, but if true, there's a much more potent "backdoor". Rather, a kick-in-the-front-door: (force a) reboot from a recovery/install medium, and do the password reset from there.
>> Apple really needs to support their products longer than 12 or 18
>> months. That includes security bugs, operating systems and Xcode.
>
>Interesting, but not something we can do anything about.
Actually, I was hoping that maybe "we" includes a member or two with sufficient knowledge how to deactivate the backdoor. I (half) understand that this one is too invasive for Apple to fix transparently without releasing 10.9.6, 10.8.X and 10.7.Y . I also understand that the mechanism is to allow certain apps to gain root privileges without need for entering a password. It ought not be that difficult to deactivate that, and simply require the user to launch those apps through sudo. Could possibly even be done by patching a binary ...
R
More information about the macports-users
mailing list