I find root password from Netinfo Manager!
neilxu
Junior Member
Join Date: Aug 2002
Aug 31, 2003, 11:56 AM
 
Open Netinfo Manager, select users --> root

then I find root password!!!

I select my username then find _shadow_passwd and passwd etc. None of them is my real password. BUT the password of root is real password.

So anyone can log in OS X and open netInfo Manager and get the root password.

Bug?
     
kennedy
Mac Elite
Join Date: Jul 2000
Location: Dallas, TX, USA
Aug 31, 2003, 12:02 PM
 
Is your root password "*"?
     
khufuu
Registered User
Join Date: Aug 2002
Location: On my couch
Aug 31, 2003, 12:04 PM
 
Originally posted by neilxu:
Open Netinfo Manager, select users --> root

then I find root password!!!

I select my username then find _shadow_passwd and passwd etc. None of them is my real password. BUT the password of root is real password.

So anyone can log in OS X and open netInfo Manager and get the root password.

Bug?
No. If your root account has not been activated you will just see a * I think. If it has been activated, you will see the encrypted version of your password.

Try looking at your own account.
     
neilxu  (op)
Junior Member
Join Date: Aug 2002
Aug 31, 2003, 12:11 PM
 
I activated root account three months ago. The root password is not like "*", it's the real password.

and I am sure every time I log in OS X using my own account instead of root.
     
neilxu  (op)
Junior Member
Join Date: Aug 2002
Aug 31, 2003, 12:13 PM
 
Originally posted by khufuu:
No. If your root account has not been activated you will just see a * I think. If it has been activated, you will see the encrypted version of your password.

Try looking at your own account.
the password of my own account is encrypted. another account too except root
     
kennedy
Mac Elite
Join Date: Jul 2000
Location: Dallas, TX, USA
Aug 31, 2003, 12:15 PM
 
Originally posted by neilxu:
I activated root account three months ago. The root password is not like "*", it's the real password.

and I am sure every time I log in OS X using my own account instead of root.
Strange. Try changing the root password to something else and see what happens.
     
neilxu  (op)
Junior Member
Join Date: Aug 2002
Aug 31, 2003, 12:36 PM
 
Originally posted by kennedy:
Strange. Try changing the root password to something else and see what happens.
I changed it but....

this is the screenshot

http://people.clemson.edu/~lxu/Mis/netinfo.jpg
     
PubGuy
Dedicated MacNNer
Join Date: Aug 2002
Aug 31, 2003, 12:54 PM
 
Wow...that's weird.
My root access looks exactly like yours EXCEPT that my password is encrypted.

What you're seeing shouldn't be happening. You need to submit that bug report and screen shot to Apple --- that's a critical security issue! Even if it only happens rarely, it is a vulnerability if it happens at all.

I have no idea how to fix it, my suggestion would be to Disable root, then log out and log back in. Repair permissions, then reactivate root and see if the problem persists.

Good luck (but definitely report this to Apple ASAP).
     
ZackS
Banned
Join Date: Nov 2002
Location: Hell
Aug 31, 2003, 01:14 PM
 
Originally posted by neilxu:
I changed it but....

this is the screenshot

http://people.clemson.edu/~lxu/Mis/netinfo.jpg
Wait, what's your IP address again?
     
tooki
Admin Emeritus
Join Date: Oct 1999
Location: Zurich, Switzerland
Aug 31, 2003, 01:31 PM
 
Originally posted by neilxu:
I select my username then find _shadow_passwd and passwd etc. None of them is my real password. BUT the password of root is real password.

So anyone can log in OS X and open netInfo Manager and get the root password.

Bug?
It's a bug on your machine. On mine, all the passwords, including root's, are hashed [encrypted in a non-reversible way].

tooki
     
version
Mac Elite
Join Date: Jul 2003
Location: Bless you
Aug 31, 2003, 01:45 PM
 
The thing is though, tooki, what kind of bug has he got, for Netinfo to display the root password?

Interesting.
A Jew with a view.
     
foobars
Mac Elite
Join Date: Jan 2001
Location: Somewhere in the land surrounding Fenway Park
Aug 31, 2003, 02:35 PM
 
Try changing the password with the passwd terminal command and see what happens.

Did you activate the root account by typing the password right into NetInfo?
     
Angus_D
Addicted to MacNN
Join Date: Mar 2000
Location: London, UK
Aug 31, 2003, 03:28 PM
 
With that in the field, are you able to log in as root? I'm guessing not, as nothing will hash to "macnn".
     
neilxu  (op)
Junior Member
Join Date: Aug 2002
Aug 31, 2003, 03:45 PM
 
Originally posted by Angus_D:
With that in the field, are you able to log in as root? I'm guessing not, as nothing will hash to "macnn".
you are right. I cannot log in as root.

I think I made BIG mistakes. I just type password right in Value of NetInfo. I should choose "Security" --> "Change root password"

Now the problem is I can not change root password any more, can not log in as root.

Sorry to bother you. I manage to change it.

Sorry to waste your time. I need to read Apple Knowledge carefully.
     
Art Vandelay
Professional Poster
Join Date: Sep 2002
Location: New York, NY
Aug 31, 2003, 03:49 PM
 
Originally posted by neilxu:
you are right. I cannot log in as root.

I think I made BIG mistakes. I just type password right in Value of NetInfo. I should choose "Security" --> "Change root password"

Now the problem is I can not change root password any more, can not log in as root.
Boot from your OS X CD and reset the password from there.
Vandelay Industries
     
Synotic
Mac Elite
Join Date: Oct 2000
Aug 31, 2003, 03:49 PM
 
Originally posted by foobars:
Did you activate the root account by typing the password right into NetInfo?
Heh I was thinking that too...

If you enter right into that field, it thinks you are typing the HASHED version of the password. Anything in that field, whether put in by you or the OS is your hashed root password. It's not really your pass.
     
K++
Senior User
Join Date: Jan 2002
Location: NYC
Aug 31, 2003, 07:21 PM
 
Originally posted by neilxu:
you are right. I cannot log in as root.

I think I made BIG mistakes. I just type password right in Value of NetInfo. I should choose "Security" --> "Change root password"

Now the problem is I can not change root password any more, can not log in as root.

Sorry to bother you. I manage to change it.

Sorry to waste your time. I need to read Apple Knowledge carefully.
as an admin user:

Code:
sudo passwd root
For those who need to become root for one thing or another:

Code:
sudo su
And a little advice, there is almost no reason that a normal user would EVER need to turn on root.
     
kennedy
Mac Elite
Join Date: Jul 2000
Location: Dallas, TX, USA
Aug 31, 2003, 08:36 PM
 
Originally posted by K++:
And a little advice, there is almost no reason that a normal user would EVER need to turn on root.
How do you run a backup of all the users home directories if not as root?

Shouldn't everyone who owns a Mac be running backups?
     
jessejlt
Mac Enthusiast
Join Date: Feb 2003
Location: Portland, Oregon
Aug 31, 2003, 08:56 PM
 
This is a good example of why NOT to jack with something you know nothing about.

When I started reading this thread, after the first post I said "It's encrypted, that's not your real password", then after reading a couple more posts and seeing the events unfold, I kept saying to myself "I hope he doesn't try typing in a new root password" and then I saw the post where you did that, the one with the screeny, and I started laughing, and then I saw that you no longer have root access. Pretty comedy stuff.
jesse ;-)
     
gorgonzola
Admin Emeritus
Join Date: Nov 2000
Location: New Yawk
Aug 31, 2003, 08:56 PM
 
Originally posted by kennedy:
How do you run a backup of all the users home directories if not as root?

Shouldn't everyone who owns a Mac be running backups?
Well, first of all, you can use sudo, which lets you run junk as root without enabling root.

Secondly, if you use something like Dantz Retrospect, you wouldn't be manually specifying the backups at all, if you get what I mean.
"Do not be too positive about things. You may be in error." (C. F. Lawlor, The Mixicologist)
     
utidjian
Senior User
Join Date: Jan 2001
Location: Mahwah, NJ USA
Sep 1, 2003, 08:47 AM
 
Another "bug" is... ANY user can type:

nidump passwd .

and get all the password hashes including root's (if activated) or the admin user's password. It may not seem to be a big deal but try running something like John-the-Ripper on the nidump and eventually you will get a lot of the plaintext passwords. This has been the case since v10.0.x

To fix it you need to do:

chmod 0550 nicl nifind niload niutil nidump nigrep nireport

in /usr/bin/
-DU-...etc...
     
Terri
Senior User
Join Date: Mar 2001
Location: Sitting in front of computer
Sep 1, 2003, 09:23 AM
 
In the System preferences create a user with the password that you want.

Now go to NetInfo and copy the encrypted password from that account to the root account, save changes and now you have the root password.
     
goMac
Posting Junkie
Join Date: May 2001
Location: Portland, OR
Sep 1, 2003, 03:18 PM
 
Originally posted by Terri:
In the System preferences create a user with the password that you want.

Now go to NetInfo and copy the encrypted password from that account to the root account, save changes and now you have the root password.
But you have to have administrator access to change NetInfo or add a user. It would be implied that an administrator would be a secure enough level to do this, and not some average joe who has a normal account.
8 Core 2.8 ghz Mac Pro/GF8800/2 23" Cinema Displays, 3.06 ghz Macbook Pro
Once you wanted revolution, now you're the institution, how's it feel to be the man?
     
K++
Senior User
Join Date: Jan 2002
Location: NYC
Sep 1, 2003, 05:20 PM
 
Originally posted by goMac:
But you have to have administrator access to change NetInfo or add a user. It would be implied that an administrator would be a secure enough level to do this, and not some average joe who has a normal account.
Or you could use my way which is A LOT simpler.

Open a terminal and type sudo passwd
Then type in a new password for root. But he would be better off going to Netinfo Manager and setting root's password to *, since he has more than demonstrated that root is not for him.
     
Darksider
Forum Regular
Join Date: Feb 2003
Sep 1, 2003, 07:50 PM
 
Don't forget you can boot up with a restore cd and change your password. So OS X isn't really that secure.
     
Art Vandelay
Professional Poster
Join Date: Sep 2002
Location: New York, NY
Sep 1, 2003, 07:57 PM
 
Originally posted by Darksider:
Don't forget you can boot up with a restore cd and change your password. So OS X isn't really that secure.
If you have physical access to the machine, then you can do whatever you want. That goes for any OS.
Vandelay Industries
     
kennedy
Mac Elite
Join Date: Jul 2000
Location: Dallas, TX, USA
Sep 1, 2003, 08:02 PM
 
Originally posted by Darksider:
Don't forget you can boot up with a restore cd and change your password. So OS X isn't really that secure.
That's silly. All machines... including high $$ corporate servers... are insecure if you have physical access to the machine. The question of security is if you cannot get physical access to the machine... just electronic access over a network... can you get into it? That's why corporate servers will almost always be found behind locked doors... typically combination locked because keys can be effortlessly picked.
     
Darksider
Forum Regular
Join Date: Feb 2003
Sep 1, 2003, 08:05 PM
 
If you have physical access to the machine, then you can do whatever you want. That goes for any OS.
Not if you password protect it from the bios..

That's silly. All machines... including high $$ corporate servers... are insecure if you have physical access to the machine. The question of security is if you cannot get physical access to the machine... just electronic access over a network... can you get into it? That's why corporate servers will almost always be found behind locked doors... typically combination locked because keys can be effortlessly picked.
I wasn't talking about corporate servers so it isn't silly.
     
Art Vandelay
Professional Poster
Join Date: Sep 2002
Location: New York, NY
Sep 1, 2003, 09:25 PM
 
Originally posted by Darksider:
Not if you password protect it from the bios..
BIOS/Open Firmware passwords are easily defeatable if you have physical access to the machine. They only slow someone down.
Vandelay Industries
     
kennedy
Mac Elite
Join Date: Jul 2000
Location: Dallas, TX, USA
Sep 1, 2003, 10:14 PM
 
Originally posted by Darksider:
I wasn't talking about corporate servers so it isn't silly.
Sorry, I didn't mean to confuse you. For any computer that you can buy, if you give me physical access to it, then I will effortlessly get access to its contents. Choose your OS... and do as you will with passwords, BIOS, whatever...

And I am not even a good hacker... just a moderately qualified admin.

Don't disparage OS X for that... now if I can do the same without physical access to the machine... or if I can send email to a user on your machine and set myself up access... and there's nothing the admin can do to prevent it... then disparage the OS for that! (Yes, I am talking about that Redmond OS! )


I just meant it's silly to put down OS X as insecure given nobody expects the OS to defend against someone with physical access to the machine. That's kind of like calling it a Denial of Service attack when someone takes a sledge hammer to your server.
     
coolmacdude
Senior User
Join Date: Feb 2003
Location: Atlanta
Sep 1, 2003, 10:40 PM
 
Originally posted by Art Vandelay:
BIOS/Open Firmware passwords are easily defeatable if you have physical access to the machine. They only slow someone down.
I actually remember doing this a lot. I worked a Windows tech support job the last few summers and this came up frequently. On most PCs it's as simple as removing and replacing a battery on the motherboard.
     
Person Man
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
Sep 2, 2003, 12:27 PM
 
Originally posted by coolmacdude:
I actually remember doing this a lot. I worked a Windows tech support job the last few summers and this came up frequently. On most PCs it's as simple as removing and replacing a battery on the motherboard.
On Macs with the Open Firmware Password all you have to do is open the computer and remove a RAM stick, and restart the machine.
     
Person Man
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
Sep 2, 2003, 12:28 PM
 
Originally posted by utidjian:
Another "bug" is... ANY user can type:

nidump passwd .

<snip!>

To fix it you need to do:

chmod 0550 nicl nifind niload niutil nidump nigrep nireport

in /usr/bin/
This will work until you repair permissions. Then the permissions on those commands get "corrected" back to their initial values!
     
coolmacdude
Senior User
Join Date: Feb 2003
Location: Atlanta
Sep 2, 2003, 01:47 PM
 
Originally posted by Person Man:
This will work until you repair permissions. Then the permissions on those commands get "corrected" back to their initial values!
So set up a cron job to do it every week or so.
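
Added example (not part of any post in this thread): a check that could run from the cron job suggested above, reporting when the seven NetInfo tools have gone back to being usable by every local user and re-applying mode 0550. The function names and the check/fix arguments are made up for this example; /usr/bin is the directory named in the thread.

```shell
#!/bin/sh
# Added example, not from the thread: detect when the NetInfo command-line
# tools have drifted back to permissive modes, and put 0550 back.

# The seven tool names listed in the chmod command quoted in the thread.
NI_TOOLS="nicl nifind niload niutil nidump nigrep nireport"

# Print the name of every tool in directory $1 whose "other" permission
# bits are anything but "---". Tools that are not present are skipped.
ni_world_accessible() {
    dir=$1
    for tool in $NI_TOOLS; do
        path="$dir/$tool"
        [ -f "$path" ] || continue
        # Characters 8-10 of the ls mode string are the "other" bits.
        other=$(ls -ld "$path" | cut -c8-10)
        [ "$other" = "---" ] || printf '%s\n' "$tool"
    done
}

# Re-apply mode 0550 to every drifted tool and print what was changed.
# Needs to run as the owner of the files (root for /usr/bin).
ni_reapply() {
    dir=$1
    ni_world_accessible "$dir" | while read -r tool; do
        chmod 0550 "$dir/$tool" && printf 'fixed %s\n' "$tool"
    done
}

# Hypothetical command-line entry points:
#   sh ni-perms.sh check [dir]   report only
#   sh ni-perms.sh fix [dir]     report and re-apply 0550
case "${1:-}" in
    check) ni_world_accessible "${2:-/usr/bin}" ;;
    fix)   ni_reapply "${2:-/usr/bin}" ;;
esac
```

Run with "check" first: any output means the permissions have been reset since the last fix.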
     
utidjian
Senior User
Join Date: Jan 2001
Location: Mahwah, NJ USA
Sep 3, 2003, 08:12 AM
 
Originally posted by Person Man:
This will work until you repair permissions. Then the permissions on those commands get "corrected" back to their initial values!
Why does one need to "repair permissions"? What breaks them in the first place? Perhaps that should be repaired rather than the system automatically making it less secure, no?
-DU-...etc...
     
kennedy
Mac Elite
Join Date: Jul 2000
Location: Dallas, TX, USA
Sep 3, 2003, 09:41 AM
 
Originally posted by utidjian:
Why does one need to "repair permissions"? What breaks them in the first place? Perhaps that should be repaired rather than the system automatically making it less secure, no?
Well, did you see the other thread where the guy somehow moved Utilities out of Apps and couldn't move it back... so he went into OS 9 and forcibly moved it contrary to what OS X permissions would allow. And you get people making copies of things as they drag things around. And soon, you have lots of files with really bizarre permissions on them.

Mac OS X is an interesting compromise of security from those on the outside, security from those on the inside, and traditional OS 9 outs for those not really ready to understand Unix permissions and such "complexities". As a result, they've given you enough rope to mess stuff up, and things like "repair permissions" to keep you from drowning in the mess you create.

     
Kate
Senior User
Join Date: Jan 2001
Sep 3, 2003, 10:06 AM
 
Originally posted by kennedy:
..... to keep you from drowning in the mess you create.

Not to mention the mess that Apple's installer app does. That is why so often it is recommended to use the combined updaters rather than the incremental updates.

Usually after one to four incremental updates the permissions of various essential system files get corrupted. Usually you cannot login, the login app keeps crashing in a cycle or netinfo is inaccessible. This happens if you're glad.
Otherwise the system will not start at all, since some essential files are set to being not executable. You have to fix permissions in single user mode then....

By the way....if you choose to do a fresh install of the OS and do not want to use any of the previous data, be sure to erase the disk before you proceed. (No, to simply check the box in the installer does not work.)
The installer will detect old netinfo files, old /etc and old /bin files and leave them as they are. This can render a "fresh" copy useless or more corrupt than the previous one..... this is on top of permission issues.

YMMV, however.
     
Millennium
Clinically Insane
Join Date: Nov 1999
Sep 3, 2003, 10:29 AM
 
Originally posted by utidjian:
Another "bug" is... ANY user can type:

nidump passwd .

and get all the password hashes including root's (if activated) or the admin user's password. It may not seem to be a big deal but try running something like John-the-Ripper on the nidump and eventually you will get a lot of the plaintext passwords. This has been the case since v10.0.x

To fix it you need to do:

chmod 0550 nicl nifind niload niutil nidump nigrep nireport

in /usr/bin/
That actually doesn't fix the bug.

The problem is, this isn't really a bug, per se; things are working as designed. nidump is dumping out the contents of a standard /etc/passwd file, which must be readable by all users, because there's more than just passwords in the file.

This is stupid, for obvious reasons. You pointed out yourself that with John the Ripper and similar crackers, once someone has /etc/passwd they can crack passwords in a matter of hours (sometimes faster). Most Unices get around this by using a shadow password file. In this case, /etc/passwd is almost the same, except that passwords aren't put in the place where passwords go in /etc/passwd: instead, there is a pointer to a location in /etc/shadow, which is where the real password hash is stored. /etc/shadow is only readable by root, so the passwords are safe.

The problem is, OSX doesn't use shadow passwords. In fact, it uses a totally different mechanism, known as NetInfo, to store the information found in /etc/passwd. It has to maintain a copy of /etc/passwd, because many Unix apps depend on being able to read that file. Unfortunately, it does this the stupid way, by creating a plain /etc/passwd rather than the shadow-password combination.

NetInfo is Going Away, to be replaced by an LDAP-based system, though it's unknown when this work will be finished. However, these legacy Unix files will still have to be created for compatibility purposes, and so tools like nidump and niload will have to be created. Apple should be coding these tools to mimic a more secure system. They should also backport this to the NetInfo-based tools.
You are in Soviet Russia. It is dark. Grue is likely to be eaten by YOU!
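
Added example (not part of any post in this thread): a field classifier for a passwd-format dump, covering the two cases discussed here, a hash sitting in the world-readable password field and a value such as "macnn" that is not a hash at all. It assumes hashes are 13-character crypt(3) strings or $id$ modular-crypt strings; the sample records and function names are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the thread: classify the password field of each
# record in a passwd-format dump (colon-separated, password in field 2).

# Reads records on stdin and prints "user<TAB>class" for each one:
#   placeholder  - "x", or a value starting with "*" or "!": no hash exposed
#   empty        - blank field, account has no password
#   exposed-hash - shaped like a crypt(3) hash, so it can be attacked offline
#   not-a-hash   - anything else, e.g. plain text typed into the field;
#                  no password will ever hash to it, so login fails
# The hash test is by shape only (assumption: 13-character traditional
# crypt or "$id$..." modular crypt); it does not verify anything.
classify_passwd_fields() {
    awk -F: '
        /^#/ || NF < 2 { next }    # skip comments and malformed lines
        {
            pw = $2
            if (pw == "")
                cls = "empty"
            else if (pw == "x" || pw ~ /^[!*]/)
                cls = "placeholder"
            else if (length(pw) == 13 && pw ~ "^[./0-9A-Za-z]+$")
                cls = "exposed-hash"
            else if (pw ~ "^[$][0-9a-z]+[$]")
                cls = "exposed-hash"
            else
                cls = "not-a-hash"
            printf "%s\t%s\n", $1, cls
        }'
}

# Print only the accounts whose hash is readable from the dump.
exposed_users() {
    classify_passwd_fields | awk -F'\t' '$2 == "exposed-hash" { print $1 }'
}

# Constructed sample records (not real accounts or real hashes). The root
# record carries the literal text from the screenshot discussed above.
sample_dump() {
    cat <<'EOF'
root:macnn:0:0::0:0:System Administrator:/var/root:/bin/tcsh
daemon:*:1:1::0:0:System Services:/var/root:/dev/null
alice:Xy3kQ9pLm2.aB:501:20::0:0:Alice Example:/Users/alice:/bin/tcsh
bob::502:20::0:0:Bob Example:/Users/bob:/bin/tcsh
EOF
}

# Hypothetical entry points: "demo" runs on the sample, "stdin" on piped input.
case "${1:-}" in
    demo)  sample_dump | classify_passwd_fields ;;
    stdin) classify_passwd_fields ;;
esac
```

With shadowed passwords every account should come out as "placeholder"; any "exposed-hash" line is a hash that an unprivileged reader of the dump can take away.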
     
Kate
Senior User
Join Date: Jan 2001
Sep 3, 2003, 10:36 AM
 
I second that.
     
JLL
Professional Poster
Join Date: Apr 1999
Location: Copenhagen, Denmark
Sep 3, 2003, 12:14 PM
 
Originally posted by Millennium:
That actually doesn't fix the bug.

The problem is, this isn't really a bug, per se; things are working as designed. nidump is dumping out the contents of a standard /etc/passwd file, which must be readable by all users, because there's more than just passwords in the file.

This is stupid, for obvious reasons. You pointed out yourself that with John the Ripper and similar crackers, once someone has /etc/passwd they can crack passwords in a matter of hours (sometimes faster). Most Unices get around this by using a shadow password file. In this case, /etc/passwd is almost the same, except that passwords aren't put in the place where passwords go in /etc/passwd: instead, there is a pointer to a location in /etc/shadow, which is where the real password hash is stored. /etc/shadow is only readable by root, so the passwords are safe.

The problem is, OSX doesn't use shadow passwords. In fact, it uses a totally different mechanism, known as NetInfo, to store the information found in /etc/passwd. It has to maintain a copy of /etc/passwd, because many Unix apps depend on being able to read that file. Unfortunately, it does this the stupid way, by creating a plain /etc/passwd rather than the shadow-password combination.

NetInfo is Going Away, to be replaced by an LDAP-based system, though it's unknown when this work will be finished. However, these legacy Unix files will still have to be created for compatibility purposes, and so tools like nidump and niload will have to be created. Apple should be coding these tools to mimic a more secure system. They should also backport this to the NetInfo-based tools.
Passwords are shadowed in Panther.
JLL

- My opinions may have changed, but not the fact that I am right.
     
Kate
Senior User
Join Date: Jan 2001
Sep 3, 2003, 12:25 PM
 
Sounds like a first step into the right direction. Thanks JLL.
     
diamondsw
Senior User
Join Date: Apr 2000
Location: Woodridge, IL
Sep 3, 2003, 01:25 PM
 
Originally posted by kennedy:
That's silly. All machines... including high $$ corporate servers... are insecure if you have physical access to the machine. The question of security is if you cannot get physical access to the machine... just electronic access over a network... can you get into it? That's why corporate servers will almost always be found behind locked doors... typically combination locked because keys can be effortlessly picked.
Heh, server farms are behind security guards and biometric locks. Keys are for wimps.
     
Millennium
Clinically Insane
Join Date: Nov 1999
Sep 3, 2003, 01:42 PM
 
Originally posted by JLL:
Passwords are shadowed in Panther.
Excellent news. Thanks for the heads-up.
You are in Soviet Russia. It is dark. Grue is likely to be eaten by YOU!
     
VValdo
Dedicated MacNNer
Join Date: May 2001
Sep 3, 2003, 08:54 PM
 
Just a heads up, Crack 5.0a can be compiled to run in OS X, versions 10.0 to current. It can successfully guess OS X passwords using a dictionary attack method. If you have multiple users and want to make sure they're using non-stupid passwords, this is an excellent tool. If you don't run Crack on your own users, there's really nothing stopping one of your users from running it...

Hopefully the shadowed passwords in Panther will eliminate this problem.

W

hint- To compile Crack 5.0a in 10.2.x, link against existing file /usr/lib/libdes425.dylib. You do not need to compile libdes yourself.
     
Cipher13
Registered User
Join Date: Apr 2000
Sep 4, 2003, 02:35 AM
 
Originally posted by Art Vandelay:
BIOS/Open Firmware passwords are easily defeatable if you have physical access to the machine. They only slow someone down.
Not by much, at that; it only takes a matter of minutes to remove a DIMM.
     
ngrundy
Dedicated MacNNer
Join Date: Nov 2002
Location: Hobart, Tasmania, Australia
Sep 4, 2003, 06:20 AM
 
Originally posted by Darksider:
Not if you password protect it from the bios..
If you've got physical access to the machine why bother booting it up? Just rip the hard disks out and peruse at your leisure.
1Ghz Powerbook
40gb/1x512mb/combo/T68i
FireRAID 1 Host Independant Hotswap RAID 1 (80gb)
     
Kate
Senior User
Join Date: Jan 2001
Sep 4, 2003, 06:40 AM
 
Originally posted by ngrundy:
.. Just rip the hard disks out and peruse at your leisure.
That's taking too long when the computer in question is a PowerBook or other laptop. Removing batteries and resetting NVRAM is quicker.
     
utidjian
Senior User
Join Date: Jan 2001
Location: Mahwah, NJ USA
Sep 5, 2003, 10:58 AM
 
Originally posted by Millennium:
That actually doesn't fix the bug.
That was why I called it a "bug" and not a bug ;-) IIRC it was "designed" that way (some interview and Q&A on http://www.macosxlabs.org)


The problem is, this isn't really a bug, per se; things are working as designed. nidump is dumping out the contents of a standard /etc/passwd file, which must be readable by all users, because there's more than just passwords in the file.
I agree... however... once a user has authenticated the rest of that information is only for what they are authorized to access.


This is stupid, for obvious reasons. You pointed out yourself that with John the Ripper and similar crackers, once someone has /etc/passwd they can crack passwords in a matter of hours (sometimes faster).
Testing one of the Xserves here I got about 10% of the passwords immediately, 25% in seconds, 50% in three minutes (including admin/root password) and 90% in three hours. It was enough to convince the admin of that server to change the permissions on the NetInfo files. Doing so does not appear to "break" any of the functionality of the clients or server so far.


Most Unices get around this by using a shadow password file. In this case, /etc/passwd is almost the same, except that passwords aren't put in the place where passwords go in /etc/passwd: instead, there is a pointer to a location in /etc/shadow, which is where the real password hash is stored. /etc/shadow is only readable by root, so the passwords are safe.
There are a couple of problems with this shadow scheme. It only really applies to the local machine. NetInfo, as with NIS, LDAP, and other network databases is for authorization to objects in a network. Though using shadow passwords adds another layer... the passwords are still the plain hashes. How are you going to "hide" the shadow file from NetInfo?
As an example... one can use shadow passwords with NIS and regular users can not see the password hashes with the command "ypcat passwd" (it is the equivalent of "nidump passwd .") BUT... a root/admin user in the nisdomain can do "ypcat shadow.byname" and get the password hashes. This can easily be done by someone using their laptop. What is to stop a root user on a laptop from connecting to the network and doing an "nidump shadow ." or "ldapsearch ..." and getting the password hashes that way?

There are ways of securing the password hashes on LDAP by using an additional authentication scheme. OpenLDAP uses LDAP + SASL by default, also, LDAP + TLS. SASL can then use kerberos (I think they currently support krb4), GSSAPI, and DIGEST-MD5. Which one is Apple going to use? Will they support all methods? Will it work correctly with existing LDAP implementations?


The problem is, OSX doesn't use shadow passwords. In fact, it uses a totally different mechanism, known as NetInfo, to store the information found in /etc/passwd. It has to maintain a copy of /etc/passwd, because many Unix apps depend on being able to read that file. Unfortunately, it does this the stupid way, by creating a plain /etc/passwd rather than the shadow-password combination.
Yes.


NetInfo is Going Away, to be replaced by an LDAP-based system, though it's unknown when this work will be finished. However, these legacy Unix files will still have to be created for compatibility purposes, and so tools like nidump and niload will have to be created. Apple should be coding these tools to mimic a more secure system. They should also backport this to the NetInfo-based tools.
Yes. I think the NetInfo stuff will only be kept around for a limited time for backwards compatibility. The LDAP + kerberos scheme is already available from other sources for Mac OS X. (See: http://www.macosxlabs.org for more info). While I have read that LDAP will be available as an authorization scheme in Panther... it is not clear whether it will be the default and it is not clear what authentication scheme will be used along with it.

While all of this may not be a concern to individual home users, as a sysadmin for college computer labs using Mac OS X (and other systems) it is a very big concern to me. I would think that it is also a concern for medium to large corporate networks also.

As far as physical security of servers and clients are concerned we lock the covers of all clients and servers and have an OF password set. It is the best we can do for our installed machines and still let the students have access. Laptops are still a problem... I read that some places superglue the keyboard so users can't fiddle the memory. The basic idea is that no user data is permanently kept on the client workstations anyway.
-DU-...etc...
     
   