APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Mac OS X 'rootpipe' is not a backdoor

The news is full of stories like this Failed Apple Rootpipe Fix Leaves Backdoor On All Macs, Researchers Claim. Forbes (and many others) call it a "significant flaw", ZDNet calls it "serious". It was supposed to be fixed in the last patch cycle, but apparently it wasn't.

Yes, Apple deserves shame and humiliation, but seriously: for most of us, it's not a concern. First, if you don't run as an admin account as I've suggested at Patch fixes sudo escalation flaw, you aren't vulnerable.

More importantly, this isn't a "back door" through which someone can enter your Mac. This requires someone to login as a user first and then to have the combination to the safe tatooed on that user's forehead. The user needs to have admin privilege as noted above; without it this flaw doesn't help them.

It's unimportant to most of us. I might worry if I had employees, but sitting here behind two firewalls on a machine with only one admin account that I do not use, I do not.



Got something to add? Send me email.





(OLDER)    <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

-> -> Mac OS X 'rootpipe' is not a backdoor



Increase ad revenue 50-250% with Ezoic


More Articles by

Find me on Google+

© Anthony Lawrence



Kerio Connect Mailserver

Kerio Samepage

Kerio Control Firewall

Have you tried Searching this site?

Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us





As I said in my comments to the committee, [Fortran 90' would be a] nice language, too bad it's not Fortran. (Dan Davison)





This post tagged: