

Breaking Into the OS X Keychain - dcope
http://juusosalonen.com/post/30923743427/breaking-into-the-os-x-keychain

======
delinka
Something like this is very difficult to mitigate. You don't want to harass
your user endlessly to unlock the keychain to get tokens and keys and
passwords while they run their apps and visit websites.

The super user is always going to have access to whatever comes through the
memory of the system anyway. Keeping the keychain unlocked just makes the
access window larger, but keeping it locked always doesn't solve the problem
if someone else has root access to your Mac. With root access they can install
kernel extensions and just take anything and everything. (i.e. you're still
screwed when a privilege escalation attack is found, even if you keep your
keychain locked.)

Takeaway: Don't activate the root user if you don't need it. Don't allow
remote access to your Mac for other users. Find other solutions instead.

