Bugtraq mailing list archives
nidump on OS X
From: Dale Harris <rodmur () maybe org>
Date: Sun, 15 Sep 2002 14:28:48 -0700
Basically any normal user can get a dump of the passwd file and attempt brute force attacks on the encrypted passwds, it includes the root passwd. This problem has been around for well over a year, but Apple ignores it:

http://www.securitytracker.com/alerts/2001/Jul/1001946.html
http://online.securityfocus.com/archive/1/211718

However Apple hasn't seemed to bother addressing it yet since it still persists in OS X.2 (Jaguar). You'd think they might have taken the opportunity to fix this problem with a new major release.

This obviously isn't such a big problem when you are dealing with only limited access desktop systems, but Xserve exists now, and I would think it'd be a bigger concern.

Course you could always chmod 700 nidump.

--
Dale Harris
rodmur () maybe org
/.-)
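
One way to verify the `chmod 700 nidump` workaround mentioned in the message above, as an added example that is not part of the original post: it reports which permission classes can still execute a binary. The function names are hypothetical, and `nidump` is located through `PATH` because the message gives no path for it.

```shell
#!/bin/sh
# Added example (not from the original post): check that a tool such as
# nidump is executable by its owner only, i.e. that "chmod 700" took effect.

# exec_classes PATH -> prints the classes (user group other) that may execute
# PATH. Reads the mode string from `ls -ld`, which has the same layout on
# BSD/macOS and GNU. Returns 2 if PATH does not exist.
exec_classes() {
    [ -e "$1" ] || return 2
    mode=$(ls -ldL -- "$1" | awk '{print $1}')
    out=""
    # Columns 4, 7 and 10 hold the execute bits. Lowercase s/t mean
    # "special bit AND execute"; uppercase S/T mean the execute bit is off.
    case $(printf '%s' "$mode" | cut -c4)  in x|s) out="user" ;; esac
    case $(printf '%s' "$mode" | cut -c7)  in x|s) out="$out group" ;; esac
    case $(printf '%s' "$mode" | cut -c10) in x|t) out="$out other" ;; esac
    echo $out   # unquoted on purpose: trims the leading space
}

# owner_only PATH -> 0 if neither group nor other may execute PATH,
# 1 if they may, 2 if PATH is missing.
owner_only() {
    classes=$(exec_classes "$1") || return 2
    case "$classes" in *group*|*other*) return 1 ;; esac
    return 0
}

# audit_tool NAME -> locate NAME in PATH and print a one-line verdict.
audit_tool() {
    path=$(command -v "$1" 2>/dev/null) || {
        echo "$1: not found in PATH"
        return 2
    }
    if owner_only "$path"; then
        echo "$path: restricted to owner"
    else
        echo "$path: executable by: $(exec_classes "$path")"
        return 1
    fi
}

# Audits nidump by default; pass another tool name as the first argument.
audit_tool "${1:-nidump}" || true
```
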