On Aug 22, 2006, at 3:22 PM, K F wrote:
the admin users on OS X can NOT become root at any time.
Yes, they can.
Um NO they can't. ANY is a pretty strong word.
I already demonstrated it in my original post.
Without the admin password an admin user can not become root.
I'm not sure why there is confusion here. By definition, an admin user is a user with an admin name and password.
I am physically sitting on a Mac that I do not know the admin password to right now.
Then you aren't an admin user. You're using someone else's admin account. This is not simply arguing over semantics. These concepts are well defined on Unix-based systems.
Does it make a difference if it is someone that I DO trust?
Of course it makes a difference. Security has everything to do with trust.
If your argument is based primarily on allowing others to have access to an admin account which is not theirs (i.e., for which they do not have the password), then you really don't have much of an argument. In general, this is a VERY BAD IDEA, and is completely unnecessary on a multi-user system like OS X.
Kind Regards,
-jeff
--
Jeff Holland
http://propagandaprod.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/