10.13.2 supplemental update & root account

Bjarne D Mathiesen macintosh at mathiesen.info
Mon Jan 15 16:52:51 UTC 2018


William H. Magill wrote:
> As I understood the description of the patch/update — the Root Account is only de-activated if it has no password.
> Making it just like all previous releases of OSX.

It wasn't an issue of having an _active_ root account
The root account wasn't active; but you could still use it in System
Preferences > Users & Groups ; and because it wasn't active, it had no
password - leading to the security blunder and a local exploit

> 
> If you have activated the Root Account and supplied a password, then nothing happens.

Nope - 16 character long non-obvious strong password
still de-activated :-(

I only installed 10.13 when 10.13.2 was released and my root accounts
'survived' that update from 10.12 without any problems at all

But the 10.13.2 supplementary update de-activates the root account
And that update should only have something to do with Spectre and
Safari/WebKit

> 
> Read Mac Rumors description:  
> https://www.macrumors.com/2017/11/29/apple-fixes-root-password-bug-security-update/
> 
> The original bug description:
> https://www.macrumors.com/2017/11/28/macos-high-sierra-bug-admin-access/
> 

-- 
Bjarne D Mathiesen
Korsør ; Danmark ; Europa
----------------------------------------------------------------------
denne besked er skrevet i et totalt M$-frit miljø
macOS 10.13.2 High Sierra (17C205)
2 x 3,46 GHz 6-Core Intel Xeon ; 48 GB 1333 MHz DDR3 ECC
ATI Radeon HD 5770 1024 MB


More information about the macports-users mailing list