Ask HN: Huge security hole for Mac OS X? Or am I missing something...

1 points by jheriko ↗ HN
Isn't this a huge security hole for Macs?

http://www.rit.edu/its/services/desktop_support/mac/xforcenewadminacccount.html

Strikes me as a way of implementing the first run steps that I never would have chosen as being terribly easy to uncover and exploit... also it feels sloppy for leaving files lying around.

Not to mention this is easily discoverable through Google...

A few minutes thought leads me to a multitude of more secure solutions, and I find it hard to believe the Apple programmers are really so lazy/naive as to do this without knowing it would be fine...

3 comments

[ 3.4 ms ] story [ 11.3 ms ] thread
Once you're in single-user mode, there are lots of ways to do this sort of thing. Deleting that file and rebooting is convenient, but actually fairly roundabout: there are more direct methods of adding an account that don't require another reboot.
You can do something comparable to this with just about any OS if you have physical access to the box (as booting into single user mode requires on OS X) and the BIOS has no password protection.

E.g., Boot from a flash drive that can mount NTFS. Now you have full access to your Windows file system.

Encryption is the only solution here (a BIOS password doesn't stop someone with physical access from removing your disk), and OS X supports that as well.