Does this exploit still exist in Leopard?

Discussion in 'macOS' started by Papajohn56, Feb 20, 2008.

  1. Papajohn56 macrumors 6502

    Joined:
    Aug 13, 2005
    #1
    Basically allowing you to create a new admin account:

    Log in under single-user mode (cmd-S at boot)

    Mount your drive (/sbin/mount -uw / ) at the command line

    type command: rm /var/db/.AppleSetupDone


    type command: reboot

    This makes your computer think it's the first time starting up, and allows for creation of a new administrator account.
     
  2. devilot Moderator emeritus

    devilot

    Joined:
    May 1, 2005
    #2
    :eek:

    I'm not all techy-- I don't get the Terminal commands, but am curious-- how would that be different from going to System Preferences> System> Accounts> "+" and making that new account have admin privileges?

    Are there even more "hidden" techy privileges the Terminal way?
     
  3. Papajohn56 thread starter macrumors 6502

    Joined:
    Aug 13, 2005
    #3
    This is if you don't have administrator privileges. Any joe schmoe could go up to a random Mac and do this without knowing the admin password
     
  4. mkrishnan Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #4
  5. Eidorian macrumors Penryn

    Eidorian

    Joined:
    Mar 23, 2005
    Location:
    Indianapolis
    #5
    Any device to which one has physical access has NO meaningful security.

    Use FileVault if you're that worried.
     
  6. miniConvert macrumors 68040

    miniConvert

    Joined:
    Mar 4, 2006
    Location:
    Kent, UK - the 'Garden of England'.
    #6
    Totally, it's hardly an exploit. Similar workarounds exist for Windows if you're sat in front of the box.
     
  7. redshift20 macrumors member

    Joined:
    Jul 27, 2006
    #7
    Perhaps you could just try it and tell us all if it still exists?
     

Share This Page