Saturday, September 15, 2007

Still trading as ClosedDarwin

It's not surprising, but while Apple's opensource page now includes a link to the iPhone software release (clicky the title), this only contains links to the WebCore and JavaScriptCore source, which is also available from the WebKit home on While it is possible that the iPhone is distributed solely with software Apple can distribute without source, I wouldn't be surprised if there isn't just a teensy dollop of GPL code in there somewhere...

Wednesday, September 05, 2007

Old news

So the Inquirer thinks they've got a hot potato on their hands, with this "security flaw" in OS X. I've been using this approach for years (like, since NeXTSTEP): boot into single-user and launch NetInfo manually, then passwd root. Or in newer Mac OS X, nicl means you don't have to launch NetInfo.

Of course, if you give physical access to the computer without a Firmware password, then the 'attacker' may as well just boot from external media and do whatever they want from there. But the solution, as well as setting the Firmware password, is to edit the /etc/ttys file, change the line:

console "/System/Library/CoreServices/" vt100 on secure onoption="/usr/libexec/getty std.9600"


console "/System/Library/CoreServices/" vt100 on onoption="/usr/libexec/getty std.9600"

Now the root password is required in single-user mode (as the console is no longer considered a secure terminal).