Console Root On OSX up to 10.2.8

From: Jason Storm (jms_at_lasergun.org)
Date: 10/31/03

    Date: Fri, 31 Oct 2003 16:26:48 -0500 (EST)
    To: bugtraq@securityfocus.com
    
    

    On all versions of OSX up to and including 10.2.7 and possibly 10.2.8,
    init can be crashed using a USB keyboard by holding down CTRL-C
    immediately after boot, and keeping it held down.

    Init crashes two or three minutes into the boot process and drops you into
    a root shell.

    At this point, you can of course modify the file system, or selectively
    run components of the rc scripts to bring up full OSX functionality
    without the GUI layer, which will demand a root password and lock you out
    once it's spawned successfully.

    The 'exploit' is dependent on a USB keyboard being used; it won't work on a
    powerbook without a USB keyboard attached, for example.

    This was originally reported to Apple in 1998, and I was informed that
    this was an 'internal development feature' that would be removed.

    Three years later I reported this 'internal development feature' again,
    and received no reply at all.

    Now that Panther is out and this 'internal development feature' appears to
    be resolved (no doubt thanks to the massive reworking of OSX USB code), I
    see no reason not to give people a good reason to upgrade by releasing
    this info.

    peace and blessings,

    -Jason Storm

    "Only two things can stop an orgy.. and that's dawn, or a bigger orgy
    across town."

