-
We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
Lost password on Macintosh
- Thread starter lupin
- Start date
darktubbly
Senior member
This article explains how to reset the root password in single user mode, although I hope they fixed this "exploit" in Panther.
darktubbly
Senior member
Originally posted by: Jzero
This article explains how to reset the root password in single user mode, although I hope they fixed this "exploit" in Panther.
Mmm....teh evil.
Boot up with the install cdrom and reset the password with the utilities provided by Apple. I don't remember what it is called exactly, probably "password reset utility" or something...
Also usefull for correcting messed up permissions (a very common malady from apple computers from the plethera of closed source software that gets installed on these type of computers that don't follow Apple's "rules" when it comes to installers.) or run other drive checks.
Definately the best security against something like this is a reinforced locked door. If someone evil has physical access to your computer you can kiss your security goodbye.
Any computer, linux, NT-based windows versions, *BSD, OS X, pretty much everything except some of the big iron or unusual hardware has the ability to have the password resetted in someway. And if you have that disabled or whatnot they can just take a hammer/crowbar to your computer and take the drive or entire computer if they feel like it. (its not like your not going to miss a resetted and changed password, anymore then a missing computer/harddrive)
Also usefull for correcting messed up permissions (a very common malady from apple computers from the plethera of closed source software that gets installed on these type of computers that don't follow Apple's "rules" when it comes to installers.) or run other drive checks.
Single user mode isn't an exploit. If someone has that kind of access to your computer you have more issues than that. Password single user mode? Take the hard drive.
Definately the best security against something like this is a reinforced locked door. If someone evil has physical access to your computer you can kiss your security goodbye.
Any computer, linux, NT-based windows versions, *BSD, OS X, pretty much everything except some of the big iron or unusual hardware has the ability to have the password resetted in someway. And if you have that disabled or whatnot they can just take a hammer/crowbar to your computer and take the drive or entire computer if they feel like it. (its not like your not going to miss a resetted and changed password, anymore then a missing computer/harddrive)
Originally posted by: n0cmonkey
Single user mode isn't an exploit. If someone has that kind of access to your computer you have more issues than that. Password single user mode? Take the hard drive.
Hence "exploit" in quotes, because it's not really an exploit. However, just as with other unix/linux OSes it is a basic and sensible idea that booting into single-user mode not just dump you into a shell with root priveleges without so much as asking for a password. Not every machine can be locked away from physical access, especially user workstations.
There is no such thing as fool-proof security. You have to assume that a dedicated enough enemy will eventually break all of your security measures. You have to work under the paradigm of putting up enough roadblocks that most people will give up. We will spot a workstation with a missing hard drive much more quickly than a workstation with a compromised root password, assuming the cracker just steals data and doesn't make the machine doing anything funny.
Originally posted by: drag
Boot up with the install cdrom and reset the password with the utilities provided by Apple. I don't remember what it is called exactly, probably "password reset utility" or something...
Also usefull for correcting messed up permissions (a very common malady from apple computers from the plethera of closed source software that gets installed on these type of computers that don't follow Apple's "rules" when it comes to installers.) or run other drive checks.
Single user mode isn't an exploit. If someone has that kind of access to your computer you have more issues than that. Password single user mode? Take the hard drive.
Definately the best security against something like this is a reinforced locked door. If someone evil has physical access to your computer you can kiss your security goodbye.
Any computer, linux, NT-based windows versions, *BSD, OS X, pretty much everything except some of the big iron or unusual hardware has the ability to have the password resetted in someway. And if you have that disabled or whatnot they can just take a hammer/crowbar to your computer and take the drive or entire computer if they feel like it. (its not like your not going to miss a resetted and changed password, anymore then a missing computer/harddrive)
Solution: encrypted disk. I've got one. Doesn't everyone? 😉
Originally posted by: Jzero
Originally posted by: n0cmonkey
Single user mode isn't an exploit. If someone has that kind of access to your computer you have more issues than that. Password single user mode? Take the hard drive.
Hence "exploit" in quotes, because it's not really an exploit. However, just as with other unix/linux OSes it is a basic and sensible idea that booting into single-user mode not just dump you into a shell with root priveleges without so much as asking for a password. Not every machine can be locked away from physical access, especially user workstations.
There is no such thing as fool-proof security. You have to assume that a dedicated enough enemy will eventually break all of your security measures. You have to work under the paradigm of putting up enough roadblocks that most people will give up. We will spot a workstation with a missing hard drive much more quickly than a workstation with a compromised root password, assuming the cracker just steals data and doesn't make the machine doing anything funny.
I don't disagree with having an option for a password to single user mode. But personally, I don't want one for my iBook.
Solution: encrypted disk. I've got one. Doesn't everyone?
I don't, encrypted disks seem more trouble then they are worth, but I could see myself running encryption on maybe a partition or something like that for the sensitive stuff.
Originally posted by: drag
Solution: encrypted disk. I've got one. Doesn't everyone?
I don't, encrypted disks seem more trouble then they are worth, but I could see myself running encryption on maybe a partition or something like that for the sensitive stuff.
I don't mean an entirely encrypted system. That would be kind of silly, unless there was some kind of hardware solution... And I think it's only *really* useful in laptops (unless you are worried about people taking the hard drive out of your servers 😛). And OpenBSD's encrypted disk solution is pretty easy. I don't use it on my iBook though, I don't have anything "sensitive" on here really 😛
Originally posted by: n0cmonkey
Originally posted by: drag
Solution: encrypted disk. I've got one. Doesn't everyone?
I don't, encrypted disks seem more trouble then they are worth, but I could see myself running encryption on maybe a partition or something like that for the sensitive stuff.
I don't mean an entirely encrypted system. That would be kind of silly, unless there was some kind of hardware solution... And I think it's only *really* useful in laptops (unless you are worried about people taking the hard drive out of your servers 😛). And OpenBSD's encrypted disk solution is pretty easy. I don't use it on my iBook though, I don't have anything "sensitive" on here really 😛
One thing I think would be interesting to do is instead of having a entire partition or whatnot simply have a loopback filesystem that you keep encrypted. Then if want to get REALY sneaky keep the loopback FS disguised as a coredump (while not mounted) in some backward directory deep in somewhere boring.
Originally posted by: drag
One thing I think would be interesting to do is instead of having a entire partition or whatnot simply have a loopback filesystem that you keep encrypted. Then if want to get REALY sneaky keep the loopback FS disguised as a coredump (while not mounted) in some backward directory deep in somewhere boring.
Do you know how to create swapfiles on Linux? Well on OpenBSD it's probably a bit similar. Basically all I had to do after that was newfs the file, associate it with a device (vnconfig), enter in a passphrase, and mount it. It can basically be named whatever I want. It has to be re-associated with a device every reboot, and I have to type in the correct passphrase for this to all work. It's not bad really. And you can do sneaky stuff like make it look like a core file 😉
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 25K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 24K
-
-
