Slashdot: Screensaver Bug in Mac OS X

manly

Lifer
Jan 25, 2000
12,242
3,160
136
My favorite comment: http://apple.slashdot.org/comments.pl?sid=70041&cid=6375416

Now all those windoids will have no reason not to switch, as MacOS X now provides all the features of Windows, including a security hole.

I'm sorry but you're going to have to provide support for more than a single security hole before you convince me to switch. Windows has a proven track record of reliable security holes in almost every portion of the system, everything from E-mail to wordprocessors to Plug-N-Play and more.
 

Barnaby W. Füi

Elite Member
Aug 14, 2001
12,343
0
0
Good stuff :)

On one hand it is a pretty big deal, you would figure apple would know better than to use a fixed-size character array for user input, almost pathetic. But then again, as someone mentioned on macslash, there is also this huge local security hole called the power button. ;) (plus the fact that some macs open up with a simple latch)
 

Nothinman

Elite Member
Sep 14, 2001
30,672
0
0
you would figure apple would know better than to use a fixed-size character array for user input,

Using a fixed size isn't a problem, but you have to check the input to see if it fits in that buffer before copying it =)

But then again, as someone mentioned on macslash, there is also this huge local security hole called the power button.

Yes but in certain environments it's not feasible to take the hard drive out and leave with it, so putting an OBP password and screensaver password is enough to protect the box, as long as the screensaver isn't easily bypassed like this.
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
Originally posted by: Nothinman
you would figure apple would know better than to use a fixed-size character array for user input,

Using a fixed size isn't a problem, but you have to check the input to see if it fits in that buffer before copying it =)

I wonder how many similar bugs can be found in programs we use every day. I know the OpenBSD people found plenty of them in the past, and I am sure there are plenty more to find...
 

DeadMilkman

Member
Mar 27, 2003
133
0
0
Personally I think its a nearly "non problem"

If someone has physical access to your machine it doesn't matter what OS your running,
They
will
get
in.

Every filesystem has a way around its security, IF you have physical access to it.

Now if this had any remote access bearing then I would be worried.

Screen Saver security is "dumb scmuck" security...it protects you from most dumb scmucks while your away from the screen.