• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Slashdot: Screensaver Bug in Mac OS X

M

manly

Lifer
My favorite comment: http://apple.slashdot.org/comments.pl?sid=70041&cid=6375416

Now all those windoids will have no reason not to switch, as MacOS X now provides all the features of Windows, including a security hole.

I'm sorry but you're going to have to provide support for more than a single security hole before you convince me to switch. Windows has a proven track record of reliable security holes in almost every portion of the system, everything from E-mail to wordprocessors to Plug-N-Play and more.
Click to expand...
 
Good stuff 🙂

On one hand it is a pretty big deal, you would figure apple would know better than to use a fixed-size character array for user input, almost pathetic. But then again, as someone mentioned on macslash, there is also this huge local security hole called the power button. 😉 (plus the fact that some macs open up with a simple latch)
 
you would figure apple would know better than to use a fixed-size character array for user input,
Click to expand...

Using a fixed size isn't a problem, but you have to check the input to see if it fits in that buffer before copying it =)

But then again, as someone mentioned on macslash, there is also this huge local security hole called the power button.
Click to expand...

Yes but in certain environments it's not feasible to take the hard drive out and leave with it, so putting an OBP password and screensaver password is enough to protect the box, as long as the screensaver isn't easily bypassed like this.
 
Originally posted by: Nothinman
you would figure apple would know better than to use a fixed-size character array for user input,
Click to expand...

Using a fixed size isn't a problem, but you have to check the input to see if it fits in that buffer before copying it =)
Click to expand...

I wonder how many similar bugs can be found in programs we use every day. I know the OpenBSD people found plenty of them in the past, and I am sure there are plenty more to find...
 
Personally I think its a nearly "non problem"

If someone has physical access to your machine it doesn't matter what OS your running,
They
will
get
in.

Every filesystem has a way around its security, IF you have physical access to it.

Now if this had any remote access bearing then I would be worried.

Screen Saver security is "dumb scmuck" security...it protects you from most dumb scmucks while your away from the screen.
 
You must log in or register to reply here.
Back
Top