Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the '10.5: Be aware of a multiple user screen lock issue' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.5: Be aware of a multiple user screen lock issue
Authored by: network23 on Dec 26, '07 08:00:17AM

True, but the BIG difference here is that as an admin, you can change the password and gain access to the other user' system, and the other user will know about the access, as the password has changed. In the above situation, the admin has access to the other user's system without the other user's knowledge.

---
Live and Direct, only from
Network 23



[ Reply to This | # ]
10.5: Be aware of a multiple user screen lock issue
Authored by: mantrid on Dec 26, '07 08:34:41AM

It is not difficult for an admin to change a user's password to log in to an account, then change it back, without the other using knowing about it. The exception is a filevault protected account, but even they can be accessed if they are already logged in and the session is just suspended.



[ Reply to This | # ]
10.5: Be aware of a multiple user screen lock issue
Authored by: stewarsh on Dec 27, '07 09:53:47AM

Why change the password at all? As an admin I can have full access to any file you own.

Also with a single command I can become that user without having to know that user's password. Now since OS X is not X11, I'm not certain I can start a GUI session, but I can do anything else I want.

Remember that an admin(aka root-like) on a UNIX machine can pretty much do anything they want.



[ Reply to This | # ]
10.5: Be aware of a multiple user screen lock issue
Authored by: stewarsh on Dec 27, '07 10:00:20AM

Please note, that the above does not apply to a file-vault account since the data there is kept in an encrypted DMG file and cannot be mounted without the right key.



[ Reply to This | # ]