Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Click here to return to the 'OS 9 boot CD' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
OS 9 boot CD
Authored by: Johnny_B on Dec 02, '02 10:37:28AM

Put in your OS 9 boot CD, restart and push the "C" button while starting up. There is no such thing as security, the only security is to protect the HD, or to encrypt things. UNIX and privileges won't help you. You are being paranoid for no reason, if someone knows that there is such a thing as a terminal at the mac, they know about the OS 9 boot CD.

[ Reply to This | # ]
My fave...
Authored by: robg on Dec 02, '02 11:10:15AM

If someone has physical access and they really want something from the machine, all they need is a screwdriver. Drop a side panel, remove the hard drive, replace the side panel, leave the room. Physical access basically means no security, but this hint still makes it very very easy for someone to do damage in 30 seconds that would otherwise require a few minutes at least.


[ Reply to This | # ]
OS 9 boot CD
Authored by: lolopb on Dec 02, '02 01:02:51PM

Open Firmware Password, no physical access to the computer...

You can do something for this, but if you leave your computer with no sudo password, just open directly your session as root, it's quite quicker, you won't have to write sudo ;-)

Only paranoids will survive...

[ Reply to This | # ]
OS 9 boot CD
Authored by: Anonymous on Dec 03, '02 12:42:58AM
Umm... wrong.

There is a huge difference between booting from a CD and modifying your user environment such that any application can execute code with superuser privileges. In the first case, it takes a long time to boot from a CD and screw with the machine.

In the latter-- in the case of opening up sudo to allow any command without a password-- you are opening up your environment such that any app can do whatever the hell it wants without requiring a password. This means that a simple applescript could 'do shell script "sudo bad thing" and you wouldn't even see a mysterious Password: prompt in a terminal window-- enough to arouse suspicion.

You are absolutely correct that it is basically impossible to secure a machine to which an attacker has physical access, but that doesn't mean you should just give up hope, throw away all locks&keys, and open every door/gateway/window to the kingdom.

[ Reply to This | # ]