Don't Push Me! Mac OS

broken image
Push

Provided to YouTube by Universal Music GroupDon't Push Me Coco JonesShake It Up: Live 2 Dance℗ 2012 Walt Disney RecordsReleased on: 2012-01-01Producer: Ben. What makes Mac such a great development platform is probably all the amazing OS X developer tools it supports. Having a proper set of tools is of crucial importance to any programmer, as it allows building all sorts of powerful apps for users to stay productive and entertained on iPhones, iPads, Apple TVs or Macs.


Allow sudo access without a password | 21 comments | Create New Account
Click here to return to the 'Allow sudo access without a password' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.

Just a little thing, visudo calls your defalut editor, so, if you wrote :
setenv EDITOR [my editor, say pico]
in your .tcshrc, visudo will check if the editor is sudo compliant (pico is) and will launch it, so you don't have to learn vi to change sudo settings.
I agree, making these changes in sudo is DANGEROUS for security reasons !

Put in your OS 9 boot CD, restart and push the 'C' button while starting up. There is no such thing as security, the only security is to protect the HD, or to encrypt things. UNIX and privileges won't help you. You are being paranoid for no reason, if someone knows that there is such a thing as a terminal at the mac, they know about the OS 9 boot CD.

If someone has physical access and they really want something from the machine, all they need is a screwdriver. Drop a side panel, remove the hard drive, replace the side panel, leave the room. Physical access basically means no security, but this hint still makes it very very easy for someone to do damage in 30 seconds that would otherwise require a few minutes at least.
-rob.

Open Firmware Password, no physical access to the computer..
You can do something for this, but if you leave your computer with no sudo password, just open directly your session as root, it's quite quicker, you won't have to write sudo ;-)
Only paranoids will survive..

Umm.. wrong.
There is a huge difference between booting from a CD and modifying your user environment such that any application can execute code with superuser privileges. In the first case, it takes a long time to boot from a CD and screw with the machine.
In the latter-- in the case of opening up sudo to allow any command without a password-- you are opening up your environment such that any app can do whatever the hell it wants without requiring a password. This means that a simple applescript could 'do shell script 'sudo bad thing' and you wouldn't even see a mysterious Password: prompt in a terminal window-- enough to arouse suspicion.
You are absolutely correct that it is basically impossible to secure a machine to which an attacker has physical access, but that doesn't mean you should just give up hope, throw away all locks&keys, and open every door/gateway/window to the kingdom.

A better way might be to enable Root User in the NetInfo Manager.
Fishy (itch) (lost in games) mac os. Open NetInfo Manager, go to the Security menu and select 'Authenticate'. After authenticating go back to the Security menu and select 'Enable Root User'. Now in the terminal instead of typing sudo every time, you can just type su and be logged in as root. When you are done type exit.

This has been talked about before, i use this hint at home bcause every command typed with sudo on the start is loged, i like to know what i did and why, if you use su -m or sudo tcsh the commands are not loged after that point. I find logs handy and use them all the time
but your all right, it makes your box open for attacks, but being at the computer does that. single user mode, boot with an osx cd and change the root password, take the HD and of course os9.
This is something i like to do personally not for every thing. NEVER EVER use this hint on a server, EVER, its not a very smart thing, a desk top is not so bad but if paranoid dont do this its not worth lying awake at night

What you can do on a server is that you can permit certain users or groups to execute certain commands as root i.e. adding a user or something like that. Sudo is very useful for that and having the NOPASSWD option is good so you can give this access to certain users via a script.
Remember if you use the '%admin' hint, the 'assailant' still has to know the username and password of an 'admin' user to be able to execute commands via sudo as root and if they know an admins password, they will already be logged in and running whatever as root anyway!

Don't do this if you ever connect to the internet, even with a 56K connection. You may end up being a relay station for every Windows worm in existence.., and I sincerely hope you have absolutely no app that even resembles a server application, no matter how small. And I REALLY hope you do not have a high speed connection. To sum it up, this is an irresponsible move., not only to yourself, but to others as well.

.. open your power supply (while still plugged in), pee on it.
This 'hint' is very bad advice to follow.

I type 'sudo -s' enter my password and I am free to screw up my computer any way I want as a super user.
Nevermind letting someone else do it.

Why would you even bother posting this hint? Users sacrifice security for convenience all the time, and some things, like this particular hint take it too far. The nice thing about OSX and other Unixes are their security model, where a regular does *not* have full access to the system without manually sudo'ing or su'ing to root and typing a password. By making a user have full access, you've basically turned the system into a windows 98 machine with virtually no local security policies at all, leaving worms/trojans/viruses free to do whatever they want to your system, and making it way easier for an attacker to do bad things.
Ask any unix admin about this hint, if you tell them you've done it, they will likely kick you in the shin.

Actually, a lot of 'hardcore UNIX admins' have this enabled for their personal account. As long as you have a good password, don't do silly things like run system daemons as the same UID, use system accounts for apache authentication and such, there's no harm in this. Don't enable it for other accounts or users who aren't UNIX-savvy as they may have weak passwords or use services that allow cleartext password transfers.

If any of those 'hardcore Unix admins' have done this, I hope they only run command-line programs or GUI apps that they themselves have written and so can have complete trust in.

As others have explained (e.g. 'bbum' above), the problem is that any program running under your account can (with this 'hint') get full control of the machine. Super fun action chess mac os. And a sufficiently clever piece of malware can do this without leaving any noticeable trace - so you might never know that your machine has been taken over.

I strongly recommend against implementing this hint. Kamelot the demon hunter mac os.

What's the complaint? If people want root access without writing their password every time, they are allowed to. The difference between them doing it by activating the root account, being smart and just 'sudo su' whenever lots of root access needed commands are being performed, or using this hint with their regular account/admin account is fleeting. Someone says 'why not pee at your power supply while you're at it' while another argues '..you've basically turned the system into a windows 98 machine with virtually no local security policies at all, leaving worms/trojans/viruses free to do whatever they want to your system'. Bogus. How can you claim that? The user still needs to log in, remember? What it does is give the accounts that can sudo withot password effective root status. Which of course is a serious security setback if on a server or something, but obviously not any more of a risk than having an activated root account which the user logs in as.
Personally I won't ever use this hint, but not because of security (well that too, I'm running an ftp server), but rather because I find it utterly useless. Using one or a few commands that need root access having to type sudo first isn't a big deal, more like a 1/2-second deal.. and whenever lots of work is needed with root access, there's the sudo su or sudo -s.

Windows security idea: The user is the 'admin'.
Unix security idea: The program has root.
Because really, you don't do anything. You rely on a bunch of programs that do things, and hope that none of them is a trojan.
And then, say, one of those small apps you downloaded from VersionTracker (or whatever) realizes it doesn't need a password to sudo. So?
execl('/usr/bin/sudo','sudo','rm','-Rf','/');
(I'll assume everyone here is smart enough not to do that)
If you want root without typing lots of passes, su. Or you can sudo tcsh. But never give every other program you run the ability to do anything, too.
On another note, my Apps folder is 'chmod 1775'ed and the apps themselves are 'chmod -R 755'ed and 'chown -R root'ed. So I can add apps to the folder, but I can't edit the apps. Any new apps are chmod'd and chown'd. I'd copy them as root in the first place, if cp did resource forks and stuff correctly.
But then again, I'm paranoid =-)

My Applications folder is read-only for all user accounts. Yet they can still run apps. So you might be able to chmod 744 your apps if you're really paranoid.
Chris

I don't know if I am going to do the right thing but I am goingg to use the sudo because I lost my admin password and screwed up my hostconfig file trying to make my cd mount correctly. So all I get is the UNIX interface. I am assuming if I use the sudo command it will give me access to delete or modify the hostconfig file and I should be ok. Unless someone has a better idea??

Don't Push Me Mac Os Download

Here's what I did:
I changed the hostconfig file as reccomended by apple because it wasn't mounting my cd's in OSX. I must have done something wrong because now it will no start up I just get the the terminal screen. I tried to delete the hostconfig file but it will not give me access because I forgot the admin password (it's not my computer!!). Does anybody have a solution for either resetting the admin password or is deleting the hostconfig the only option?
shayster01@yahoo.com
Thanks!

What changes did you make to the hostconfig? (can you reference the Apple URL that recommended this?)
If you're trying to type the admin password in response to the 'sudo' command, it's asking for your password not the admin password.

Don't Push Me Mac Os Pro

If you still have access to a user account that's in the admin group, try this: sudo -s (enter YOUR password) cp /etc/hostconfig /etc/hostconfig.bak cat << DONE > /etc/hostconfig HOSTNAME=-AUTOMATIC- ROUTER=-AUTOMATIC- AUTOMOUNT=-YES- DONE sync shutdown -r now




broken image
PreviousNext
Cookie Use
We use cookies to improve browsing experience, security, and data collection. By accepting, you agree to the use of cookies for advertising and analytics. You can change your cookie settings at any time. Learn More
Accept all
Settings
Decline All
Cookie Settings
Necessary Cookies
These cookies enable core functionality such as security, network management, and accessibility. These cookies can’t be switched off.
Analytics Cookies
These cookies help us better understand how visitors interact with our website and help us discover errors.
Preferences Cookies
These cookies allow the website to remember choices you've made to provide enhanced functionality and personalization.
Save