

Ask HN: Huge security hole for Mac OS X? Or am I missing something... - jheriko

Isn't this a huge security hole for Macs?<p>http://www.rit.edu/its/services/desktop_support/mac/xforcenewadminacccount.html<p>Strikes me as a way of implementing the first run steps that I never would have chosen as being terribly easy to uncover and exploit... also it feels sloppy for leaving files lying around.<p>Not to mention this is easily discoverable through Google...<p>A few minutes thought leads me to a multitude of more secure solutions, and I find it hard to believe the Apple programmers are really so lazy/naive as to do this without knowing it would be fine...
======
twoodfin
You can do something comparable to this with just about any OS if you have
physical access to the box (as booting into single user mode requires on OS X)
and the BIOS has no password protection.

E.g., Boot from a flash drive that can mount NTFS. Now you have full access to
your Windows file system.

Encryption is the only solution here (a BIOS password doesn't stop someone
with physical access from removing your disk), and OS X supports that as well.

------
Millennium
Once you're in single-user mode, there are lots of ways to do this sort of
thing. Deleting that file and rebooting is convenient, but actually fairly
roundabout: there are more direct methods of adding an account that don't
require another reboot.

------
jheriko
formatting seemed to go wrong there..

[http://www.rit.edu/its/services/desktop_support/mac/xforcene...](http://www.rit.edu/its/services/desktop_support/mac/xforcenewadminacccount.html)

