undefined | Better HN

0 pointsOkGoDoIt8y ago0 comments

Seems to be something related to a backwards-compatibility code path for upgraded systems. According to multiple posts on this thread it only affects systems upgraded to High Sierra, not fresh installs. See https://news.ycombinator.com/item?id=15802622 for example. Adding extra layers for compatibility complicates testing and debugging. With this many eyes on it hopefully someone will be able to deduce exactly what's going on.

0 comments

nathancahill8y ago

My High Sierra is a fresh install, and it's affected.

princekolt8y ago

Yup. Can confirm. I installed it fresh on a VM from the downloaded installer and it is affected.

xer0x8y ago

My upgraded high sierra doesn't have this problem. The theory could be backwards. Anyways, this is stunning.

FabHK8y ago

Note that I had to try twice for this to "work" - maybe try again. Incredible.

EDIT: apparently, the first login attempt with root enables root login with whatever password is provided. Then, when you try again, login will work.

If that's true, we have a combined diagnostic and workaround:

Try logging in with root and a good password. It should not work (if it does, root with that password had been enabled before).

Now, try logging in again with root and that same password.

If it works, your system was vulnerable to that bug, but you've now fixed the problem, as you've enabled root and set a good password (so nobody else can log in unless they find that password).

If it doesn't work, it looks like root has been set up before with some other password (maybe empty), and it's conceivable that someone has exploited that bug on your machine before.

Is that understanding correct?

scotty798y ago

Try guest account.

I could do it on guest account, by first pressing enter after entering "root". And after a fail, clicking the unlock button.

orf8y ago

Mine is an upgrade and does.

rtpg8y ago

But at one point a root account is created with an empty password right?

There's a specific line somewhere that's doing this, in theory.

Maybe they should have opted for "create `root` with unguessable password"

akvadrako8y ago

No, that's a hack. And it opens new attacks, like on the hashing algorithm and poor randomness or predictability in the generation logic.

LeifCarrotson8y ago

You have some pretty high standards. Being imperfect doesn't automatically make it better than the alternative of not doing it.

If the system can't generate a secure hash, or can't generate cryptographically random numbers, you're in serious trouble. Those tools are foundational to security.

Moving the problem from "a root account is created with the first password you try" to "you have to break crypt(1) or /dev/random" is basically equivalent to solving it.

j / k navigate · click thread line to collapse