Old and Known
Here is a very old and known issue with Mac: Too many ways to bypass authentications and too few fixes.
A week ago, a person emailed us (SecuriTeam) about another bypassing issue in Mac OS X Tiger (10.4 family).
The person told us that he was able to change the root password (because he couldn’t remembered it) using the Netinfo program.
Sounds ok… on any *nix I can change the root password. All I need is to become a sudoer, or become root some other way, without necessarily knowing the root password.
But here, the person did not have any special privileges, as far as I could understand, and still he was able to change the ROOT password.
I don’t have a Mac to test this issue on so searching SecuriTeam and using google I was able to find that this issue was known even before Mac OS X. That is, Mac users could bypass user access restrictions. There was an unofficial patch to fix this issue, and theoretically, Apple fixed this for Tiger as well.
But this person claims that his system is up to date, and that he can still bypass any root based authentication in order to change the password.
There is no reason to publish this as news in SecuriTeam, because this is a known issue that was reported back in 2001 by us. Repeating the same story where the only change is that it works with newer versions is useless, so I decided to blog it instead.
I really hope that Apple fixes this issue once and for all, but then again, thats why I prefer open source products. If the vendor does not fix the problem, I can always find a way to fix it, at least for myself…