|
|
A vulnerability with the screensaver password lock
All you have to do is use fast user switching to go to the login window. The only problem with doing this is that iChat will disconnect. Once in the login window then nobody can log into your session, not even an administrator.
A vulnerability with the screensaver password lock
You're right that this gets around the problem I raised, but then this brings up other issues. With fast user switching, your session is still active in memory, and there are ways of snooping around in someone else's active login session.
A vulnerability with the screensaver password lock
I cannot get this 'vulnerability' to manifest itself no matter how many different ways I try.. what's the deal?
But it's supposed to be multiuser!
The company I work for explicitly discourages anyone from using Fast User Switching on their desktop for exactly these reasons, and while I don't mind having it turned on at home where it's just me, my wife, and the cat, I agree that it's a good policy to forbid it at work.That's really amusing to me, considering the origins of UNIX (of which OS X is a descendent). I mean, the whole idea was to try and provide a secure environment where multiple people could work on the same machine without interfering with each other. In fact, it wasn't until about 10 years ago that were a substantial number of companies that could afford to implement such a policy as you describe for their UNIX machines! Until then, there was a mainframe or workstation serving many (sometimes hundreds or even thousands) of users who had dumb terminals. Cheap UNIX boxes are pretty new inventions. Anyway, you are correct that there are a few covert channels through which to snoop on other users. In addition, local privilege escalation security vulnerabilities sometimes pop up. But really, as long as you only let truly trusted (and careful) users have administrator privileges, I think the sorts of additional threats presented by having multiple users on the same machine are pretty minimal. (You should make sure the default UMASK is set so that new folders & files are not readable by others.)
But it's supposed to be multiuser!
You wrote, " (You should make sure the default UMASK is set so that new folders & files are not readable by others.)". I'm too much a *nix newbie to know how to do that, or what side effects that might produce. Would anyone please explain how to do it, and offer any warnings or advice about it? |
SearchFrom our Sponsor...Latest Mountain Lion HintsWhat's New:HintsNo new hintsComments last 2 daysNo new commentsLinks last 2 weeksNo recent new linksWhat's New in the Forums?
Hints by TopicNews from Macworld
From Our Sponsors |
|
Copyright © 2014 IDG Consumer & SMB (Privacy Policy) Contact Us All trademarks and copyrights on this page are owned by their respective owners. |
Visit other IDG sites: |
|
|
|
Created this page in 0.15 seconds |
|