Convenience over security
Let's say someone happened to be checking out /etc/pam.d/sudo in MacOS 10.3 in order to play around with the security server a little, and the file looked like this:
# login: auth account password session
auth sufficient pam_securityserver.so
auth sufficient pam_unix.so
auth required pam_deny.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
Let's then say that in their haste, instead of doing this:
# login: auth account password session
## 03.03.2004 check ss for speed
auth sufficient pam_securityserver.so
auth sufficient pam_unix.so
auth required pam_deny.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
They did this:
# login: auth account password session
## 03.03.2004 check ss for speed auth sufficient pam_securityserver.so
auth sufficient pam_unix.so
auth required pam_deny.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
If such a situation were to arise, like say, oh, say, last night, and the user found himself unable to use sudo, he would be grateful that in this case Apple has made it very easy to start an OSX machine as root, mount the main disk as read/write, and then uncomment that line.

Posted by drunkenbatman
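
An added example, not part of the original post: a small Python check that compares a pam.d file before and after an edit and flags a rule that has ended up inside a comment, run against the three versions of /etc/pam.d/sudo shown above. The function names are hypothetical, and the pattern assumes only the four classic control flags (required, requisite, sufficient, optional).

```python
import re

# A classic pam.d rule: module type, control flag, module file.
RULE = re.compile(r"\b(auth|account|password|session)\s+"
                  r"(required|requisite|sufficient|optional)\s+(pam_\w+\.so)\b")

def active_rules(text):
    """Rules PAM will actually evaluate, in stack order."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())  # a line starting with '#' never matches
        if m:
            rules.append(m.groups())
    return rules

def swallowed_rules(text):
    """(line number, rule) for each comment line that contains a whole rule."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        m = RULE.search(line) if line.lstrip().startswith("#") else None
        if m:
            hits.append((no, m.groups()))
    return hits

def review_edit(before, after):
    """Effective change between two versions of a pam.d file."""
    old, new = active_rules(before), active_rules(after)
    return {"dropped": [r for r in old if r not in new],
            "added": [r for r in new if r not in old],
            "swallowed": swallowed_rules(after)}

# The three versions of /etc/pam.d/sudo shown in the post.
HEAD = "# login: auth account password session\n"
SS = "auth sufficient pam_securityserver.so\n"
TAIL = ("auth sufficient pam_unix.so\nauth required pam_deny.so\n"
        "account required pam_permit.so\npassword required pam_deny.so\n"
        "session required pam_permit.so\n")
NOTE = "## 03.03.2004 check ss for speed"
ORIGINAL = HEAD + SS + TAIL
INTENDED = HEAD + NOTE + "\n" + SS + TAIL
BROKEN = HEAD + NOTE + " " + SS + TAIL

if __name__ == "__main__":
    print(review_edit(ORIGINAL, INTENDED))
    print(review_edit(ORIGINAL, BROKEN))
```

Running the check on a scratch copy before replacing the live file catches the dropped rule while a working sudo session is still open.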





