Main Area and Open Discussion > Living Room
Apple leads the charge: Root access is no longer root access
rgdot:
All a consequence of people's will full apathy and hostility towards reasonable control and regulation. Something like this would be much less likely if the landscape was dominated by more than 2 or 3 players. I won't type more because it would require Basement level discourse, and I am not going there ;)
wraith808:
It's not just Apple. Microsoft has a built in account that's a level above Administrator now. If it creates a file or folder, you can't delete or modify it even if you are the admin (i.e. root) on your system.-40hz (October 21, 2015, 11:17 AM)
--- End quote ---
Hasn't NT always had the SYSTEM AUTHORITY?
-f0dder (October 21, 2015, 11:40 AM)
--- End quote ---
I'd assumed that he was talking about something other than NT AUTHORITY\SYSTEM since that's been around for a while. (As an aside, there's a cheat for logging in as NT AUTHORITY\SYSTEM. Let me know if you're interested).
IMHO it's a very good idea to not let your OS admin account run as root/SYSTEM (just like it's a good idea to user a less-privileged account for your daily work!). But of course it should still be possible to elevate to root/SYSTEM rights, and I believe having to reboot to do this is a bit overkill...
-f0dder (October 21, 2015, 11:40 AM)
--- End quote ---
And when you do it, you turn it completely off until you reboot again and turn it on. It's hard enough to get people not to run as admin when they don't have to- rebooting? Not going to happen.
f0dder:
(As an aside, there's a cheat for logging in as NT AUTHORITY\SYSTEM. Let me know if you're interested).-wraith808 (October 21, 2015, 01:23 PM)
--- End quote ---
A new one, or the usual of running cmd.exe as a scheduled job? :)
And when you do it, you turn it completely off until you reboot again and turn it on. It's hard enough to get people not to run as admin when they don't have to- rebooting? Not going to happen.-wraith808 (October 21, 2015, 01:23 PM)
--- End quote ---
Well, while I'm not fond of the way Apple is doing this, you don't really need SYSTEM/root privileges often, neither on OSX nor Windows. And normal admin privileges don't (yet...) require this switcharoo, so it's not too bad in and by itself. It's the reason behind it that's worrying :)
wraith808:
(As an aside, there's a cheat for logging in as NT AUTHORITY\SYSTEM. Let me know if you're interested).-wraith808 (October 21, 2015, 01:23 PM)
--- End quote ---
A new one, or the usual of running cmd.exe as a scheduled job? :)
-f0dder (October 21, 2015, 01:49 PM)
--- End quote ---
That's actually simpler than my method. I didn't even realize that worked! Seems like quite a hole... and quite obvious once you think about it. And not much different than my method.
I use psexec sysinternal tool, and just use the -i -s switches.
And when you do it, you turn it completely off until you reboot again and turn it on. It's hard enough to get people not to run as admin when they don't have to- rebooting? Not going to happen.-wraith808 (October 21, 2015, 01:23 PM)
--- End quote ---
Well, while I'm not fond of the way Apple is doing this, you don't really need SYSTEM/root privileges often, neither on OSX nor Windows. And normal admin privileges don't (yet...) require this switcharoo, so it's not too bad in and by itself. It's the reason behind it that's worrying :)
-f0dder (October 21, 2015, 01:49 PM)
--- End quote ---
Definitely... if you were just *using* them. But rootless also *undoes* them. Which is the terrifying part- especially as the reason behind them is pretty transparent.
f0dder:
Seems like quite a hole... -wraith808 (October 21, 2015, 02:51 PM)
--- End quote ---
Not really, since you need admin privileges to perform the trick. Not having admin have SYSTEM privileges is more about making it difficult to blow off your legs by accident :)
Navigation
[0] Message Index
[*] Previous page
Go to full version