APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Mac OS X 'rootpipe' is not a backdoor


Some material is very old and may be incorrect today

© April 2015 Anthony Lawrence

The news is full of stories like this Failed Apple Rootpipe Fix Leaves Backdoor On All Macs, Researchers Claim. Forbes (and many others) call it a "significant flaw", ZDNet calls it "serious". It was supposed to be fixed in the last patch cycle, but apparently it wasn't.

Yes, Apple deserves shame and humiliation, but seriously: for most of us, it's not a concern. First, if you don't run as an admin account as I've suggested at Patch fixes sudo escalation flaw, you aren't vulnerable.

More importantly, this isn't a "back door" through which someone can enter your Mac. This requires someone to login as a user first and then to have the combination to the safe tatooed on that user's forehead. The user needs to have admin privilege as noted above; without it this flaw doesn't help them.

It's unimportant to most of us. I might worry if I had employees, but sitting here behind two firewalls on a machine with only one admin account that I do not use, I do not.


If you found something useful today, please consider a small donation.



Got something to add? Send me email.





(OLDER)    <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

->
-> Mac OS X 'rootpipe' is not a backdoor


Inexpensive and informative Apple related e-books:

Take Control of Pages

Photos: A Take Control Crash Course

Photos for Mac: A Take Control Crash Course

Are Your Bits Flipped?

Take Control of IOS 11





More Articles by © Anthony Lawrence





Printer Friendly Version

Have you tried Searching this site?

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us


Printer Friendly Version





There's no obfuscated Perl contest because it's pointless. (Jeff Polk )




Linux posts

Troubleshooting posts


This post tagged:

Security



Unix/Linux Consultants

Skills Tests

Unix/Linux Book Reviews

My Unix/Linux Troubleshooting Book

This site runs on Linode