18 Jan
2023
18 Jan
'23
11:21 p.m.
Wow, we're all over the place on this thread. I stopped updating my Mac
with Mojave. Occasionally, I flirt with more recent incarnations and
much like with recent Windows incarnations, I scurry back pretty quickly
to the stable and fast. ... and Mojave support 32 bit apps, which is
nice. It's fast, responsive, and locked down the way I like it.
The mutually exclusive goals represented by security/it lockdown
obsession and OS phone homeitis is ridiculous. One hopes that this is
not a permanent set of affairs. I would prefer my OS to be under my
control and secure my information, for me.
Lately, I've been doing work with SculptOS on Genode - a capabilities
based OS running on a microkernel (trusted computing base). Sculpts got
a ways to go, but I like the way the architects are thinking.
Will
On 1/18/23 11:08 AM, segaloco via TUHS wrote:
Apple's unreasonable hardening has been the
latest deterent to my ever
wanting to use macOS as a personal driver. I've got a Mac as my daily
driver for work, it can happily stay with work until I can decide how
the filesystem is laid out and what folders I, as the root user, can
and can't interact with from user land. I own my machine, not Apple.
- Matt G.
------- Original Message -------
On Wednesday, January 18th, 2023 at 8:59 AM, Clem Cole <clemc(a)ccc.com>
wrote:
On Wed, Jan 18, 2023 at 11:39 AM Larry McVoy <lm(a)mcvoy.com> wrote:
Someone once told me that if they had physical access to a Unix
box, they
would get root. That has been true forever and it's even more
true today,
pull the root disk, mount it on Linux, drop your ssh keys in
there or add
a no password root or setuid a shell, whatever, if you can put
your hands
on it, you can get in.
A reasonable point, but I think it really depends on the UNIX
implementation I suspect. Current mac OS is pretty well hardened from
this, with their current enclaves and needing to boot home to Apple
to get keys if things are not 100% right. Not saying you or I can
not, but basically means the same cracking tricks you need to use for
iPhones. It's not as easy as you describe.
The ubiquitous Internet/WiFi changed the rules - as you can start to
keep some set of keys somewhere else and then encrypt the local
volumes. In fact, one of the things they do if mac OS boot detects
that root has been modified (it has a crypto index stored away when
it was made read-only), the boot rolls back to the last root snapshot
-- since they are all read-only that works. In fact, it is a PITA to
update/fix things like traditional scripts (for instance the scripts
in the /etc/periodic area). Basically, they make it really unnatural
to change the root files system, make a new snapshot and index (I
have yet to see it documented although, with much pain, I previously
created a procedure that is close -- i.e. it once worked on my
pre-Ventura Mac - but currently -- fails, so I need to some more
investigation when I can bring this back to the top of the
importance/curiosity stack (I have a less than satisfying end around
for now so I'm ignoring doing it properly).
Clem
ᐧ