Mac OS High Sierra: how to switch to root without a password
-
- Go to System Preferences>Users & Groups>Click the lock to make changes
- Leave the password field empty
- Click 'Unlock' a bunch of times
- You're in!
Edit: doing this from system preferences causes a root account without a password to be created/enabled. Once that's done, it is possible to log in as root from the login screen.
-
Woah! Haha!
-
-
@kt_ said in Mac OS High Sierra: how to switch to root without a password:
Woah! Haha!
It just works!
Seriously, though -- I'm interested in seeing whether or not this actually gives root access, or if it's a UI fuckup. I mean, doing something as another account has to be a pretty low-level, highly secured process, right?
And before everyone freaks about about root access allowing you to completely fry someone's laptop, note that root on macs is not the same as root on linux, because SIP limits the root account's permissions through hardware controls.
-
This puts High Sierra on the same level of security as Microsoft Bob.
Good job, Apple.
-
@the_quiet_one said in Mac OS High Sierra: how to switch to root without a password:
This puts High Sierra on the same level of security as Microsoft Bob.
Good job, Apple.
Thanks , found this thanks to you:
-
How the fuck does a bug like that happen?
Seems like a race condition with pressing the button while it's processing the previous press... but how do you mess up so badly that that leads to accepting the request for root access?
-
@anonymous234 said in Mac OS High Sierra: how to switch to root without a password:
How the fuck does a bug like that happen?
Back door.
-
@anonymous234 said in Mac OS High Sierra: how to switch to root without a password:
Seems like a race condition with pressing the button while it's processing the previous press... but how do you mess up so badly that that leads to accepting the request for root access?
They can't handle that for simple things like MATH, after all. PRETTY ANIMATIONS MUST ALWAYS WIN!
-
@the_quiet_one said in Mac OS High Sierra: how to switch to root without a password:
This puts High Sierra on the same level of security as Microsoft Bob.
Not quite — Microsoft Bob’s security is ingeniously provided by its UI. It’s more secure than the underlying Windows 3.1 by the fact that you’ll very quickly want to give up using MS Bob altogether if you try to do anything at all with it.
-
@blakeyrat said in Mac OS High Sierra: how to switch to root without a password:
@anonymous234 said in Mac OS High Sierra: how to switch to root without a password:
How the fuck does a bug like that happen?
Back door.
It's not a bug, it's a feature. For when people forget their root password.
-
Someone on the Apple developer forums was aware of this on Nov 13:
-
And here's someone stepping through the relevant code:
-
@bb36e That's useful. Doesn't look like it enabled all root accounts with a blank password, but when trying to log in as a disabled user it incorrectly detects '*' (disabled) as an "old" password hash and creates a "new" password hash with the specified password. Still pretty egregious, but should be fixable without enabling any more accounts that should have been disabled and without disabling accounts that were meant to be enabled.
-
@anonymous234 said in Mac OS High Sierra: how to switch to root without a password:
How the fuck does a bug like that happen?
Seems like a race condition with pressing the button while it's processing the previous press... but how do you mess up so badly that that leads to accepting the request for root access?
if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0) goto fail; goto fail;
-
@heterodox said in Mac OS High Sierra: how to switch to root without a password:
@bb36e That's useful. Doesn't look like it enabled all root accounts with a blank password, but when trying to log in as a disabled user it incorrectly detects '*' (disabled) as an "old" password hash and creates a "new" password hash with the specified password. Still pretty egregious, but should be fixable without enabling any more accounts that should have been disabled and without disabling accounts that were meant to be enabled.
More specifically, it sounds like after it detects it as an "old" password hash, it tries to match the user-entered password to it, and the function doing that check is either incorrectly returning "true" or the value it's returning (1) is being incorrectly interpreted as "true". The code then, having verified that the user-entered password matched the account's old-style password hash (even though it does not), quite reasonably proceeds to replace the old-style hash with the new-style hash of the password that was entered, thus re-enabling the account and setting its password to whatever the user entered.
-
@anotherusername Yes, that's a better explanation; I didn't include the
od_verify_crypt_password
error in mine but that really is the crux of the issue.
-
@boomzilla E_NO_BRACKETS_REEEEEEEEEEEEEEEEEE
-
@heterodox said in Mac OS High Sierra: how to switch to root without a password:
it incorrectly detects '*' (disabled) as an "old" password hash and creates a "new" password hash with the specified password
And how could a bug like that have been avoided?
Maybe if we had some sort of formatted container format, where you could specify a list of allowed types and values for each field, and a standard library would take care of parsing it and provide the type in a nice interface, rather than having to learn a new mini-format for every single file in the system and use regular expressions and magic symbols to tell types apart because the format has been unchanged since the late 70s and the field has by now been reused to store 14 different things.
But no. 40 years ago someone said "Use unformatted strings for everything, and only that". And so we must.
-
-
@anonymous234 It seems to me that you're suffering from a case of hammeritis. There's no particular reason why
od_verify_crypt_password
should indicate that any arbitrary password matched the hash*
; that's the bug, and should be a fairly easy one to solve given that*
isn't even a valid hash in the first place.
-
@anotherusername said in Mac OS High Sierra: how to switch to root without a password:
from a case of hammeritis
Probably. Fighting the evils of the Unix philosophy is one of my life goals.
-
-
@tsaukpaetra said in Mac OS High Sierra: how to switch to root without a password:
Windows 10 can still do it AFAIK, via the Sticky Keys exploit.
-
@pie_flavor that requires you to boot with a boot disk and modify files on the hard disk, right? Couldn't you just overwrite the admin account's password directly at that point...
-
@anotherusername said in Mac OS High Sierra: how to switch to root without a password:
@pie_flavor that requires you to boot with a boot disk and modify files on the hard disk, right? Couldn't you just overwrite the admin account's password directly at that point...
How would you do that?
-
@pie_flavor said in Mac OS High Sierra: how to switch to root without a password:
How would you do that?
Emacs with M-x butterfly.
-
This post hasn't been deleted.
-
@pie_flavor said in Mac OS High Sierra: how to switch to root without a password:
How would you do that?
By modifying the SAM file.
-
@pie_flavor there are tools which can do it once you're running from a boot disk.
I guess if all you has is the Windows installation disk, it's probably easier to do that elevated command prompt trick, but still... once you load up the boot disk, you basically have unrestricted access to the whole system at that point, and most of it isn't going to be encrypted.
The passwords for the local Windows accounts are hashed, and the hash is supposed to be difficult to reverse, but it's trivially easy to run the hash forward on a brand-new password and overwrite the old hash with a new one, or you can remove the account's password entirely by deleting the hash. Again, by using a tool that specifically does this, of course.
-
I use NT Offline Password Recovery at work. Hasn't failed me yet. Typically I re-enable the builtin Administrator account with a blank password.
-
Seen elsewhere:
Apple continues to perform their traditional role as innovative thought leaders. While lesser companies are defending against government insistence on software back doors, Apple courageously installs front doors...
-
Apple's top security engineer:
https://www.youtube.com/watch?v=z-5iCygFd9M
-
-
@anonymous234 From the comments:
-
@pie_flavor said in Mac OS High Sierra: how to switch to root without a password:
@anonymous234 From the comments:
I like the concept of a salted, unhashed password. Because it's so much more secure than plaintext!
O4IYNLhhRLNWpNKlTZzjALu17MAiyHuCmmIdcx76LrI4S8kou1ZYlhfyqx3i6pChunter2
-
@ben_lubar said in Mac OS High Sierra: how to switch to root without a password:
I like the concept of a salted, unhashed password.
I prefer low sodium passwords.
-
oops! MacOS Update Accidentally Undoes Apple's "Root" Bug Patch
nelson-haha.ovl
-
@cabrito said in Mac OS High Sierra: how to switch to root without a password:
oops! MacOS Update Accidentally Undoes Apple's "Root" Bug Patch
nelson-haha.ovl
That’s some serious face-palm material. Add to that the buginess of iOS 11 and watchOS and hey! Apple looks really bad this fall, at least software-wise.
Interesting if and when it’s gonna end…
-
@cabrito said in Mac OS High Sierra: how to switch to root without a password:
oops! MacOS Update Accidentally Undoes Apple's "Root" Bug Patch
To be fair:
Those who had not yet upgraded their operating system from the original version of High Sierra, 10.13.0, to the most recent version, 10.13.1, but had downloaded the patch, say the "root" bug reappears when they install the most recent macOS system update.
The patch closed the hole, then an unpatched version got installed over that by the OS update. Yes, Apple should have patched the 10.13.1 updater too, but it’s not like the 10.13.2 update overwrites the patch (which is what I thought was happenening, based on the title).
-
@cabrito said in Mac OS High Sierra: how to switch to root without a password:
oops! MacOS Update Accidentally Undoes Apple's "Root" Bug Patch
nelson-haha.ovl
Non-Windows-users problems...
-
@gurth said in Mac OS High Sierra: how to switch to root without a password:
The patch closed the hole, then an unpatched version got installed over that by the OS update.
If I wasn't sitting tight at the previous OS version, I would be absolutely furious! As it is, this is definitely
-
@tsaukpaetra said in Mac OS High Sierra: how to switch to root without a password:
Non-Windows-users problems...
I have in the past gone over a year without rebooting a Mac system.
-
@dkf said in Mac OS High Sierra: how to switch to root without a password:
I have in the past gone over a year without rebooting a Mac system.
That's nothing. I've gone 5 years and counting without doing it.
-
@blakeyrat Yeah, but I had mine switched on. :p
-
@blakeyrat said in Mac OS High Sierra: how to switch to root without a password:
@dkf said in Mac OS High Sierra: how to switch to root without a password:
I have in the past gone over a year without rebooting a Mac system.
That's nothing. I've gone 5 years and counting without doing it.
I've gone over 23 years without rebooting a Mac system I owned.
-
@ben_lubar
I have not rebooted a mac system I owned for the last 33 and a half years.
-
@pleegwat That's nothing. Before 1976, no Apple computer had ever been rebooted.
-
@ben_lubar idea: "UptimeOS": an OS designed to maximize uptime for the people who care about that.
All it would do is boot, stop the hard drives (because mechanical components can go bad) and then do nothing forever. Guaranteed no reboots. Install it in an old laptop and let it run forever.
-
@anonymous234 said in Mac OS High Sierra: how to switch to root without a password:
All it would do is boot, [...] and then do nothing forever.
I have an old piece of winter apparel like that, but unfortunately it's part of a pair so reboots are guaranteed.