absurd MacOS High Sierra bug
https://it.slashdot.org/story/17/11/28/2135236/macos-high-sierra-bug-allows-...
The title pretty much says it all - you can login as root with no password, or elevate to root privileges to make system changes with no password, on all the current MacOS High Sierra releases. There is a work around (I think you simply have to enable the root account, with a password), but man.. wtf !?
It shouldn't affect sshd - PermitRootLogin defaults to no. However it does appear to affect VNC / Apple Remote Desktop connections. LOL! How does something like this get past QA ?
-- GPG fingerprint: 17FD 615A D20D AFE8 B3E4 C9D2 E324 20BE D47A 78C7
Lol time to visit Apple Store
On 29/11/17 at 16:03, John Newman wrote:
https://it.slashdot.org/story/17/11/28/2135236/macos-high-sierra-bug-allows-...
The title pretty much says it all - you can login as root with no password, or elevate to root privileges to make system changes with no password, on all the current MacOS High Sierra releases. There is a work around (I think you simply have to enable the root account, with a password), but man.. wtf !?
It shouldn't affect sshd - PermitRootLogin defaults to no. However it does appear to affect VNC / Apple Remote Desktop connections. LOL! How does something like this get past QA ?
saw it coming, i'm in linux now, ran mac for 7 yrs, saw it was time for a change again.
On Wed, Nov 29, 2017 at 10:03 AM, John Newman <jnn@synfin.org> wrote:
https://it.slashdot.org/story/17/11/28/2135236/macos-high-sierra-bug-allows-...
The title pretty much says it all - you can login as root with no password, or elevate to root privileges to make system changes with no password, on all the current MacOS High Sierra releases. There is a work around (I think you simply have to enable the root account, with a password), but man.. wtf !?
It shouldn't affect sshd - PermitRootLogin defaults to no. However it does appear to affect VNC / Apple Remote Desktop connections. LOL! How does something like this get past QA ?
-- GPG fingerprint: 17FD 615A D20D AFE8 B3E4 C9D2 E324 20BE D47A 78C7
On Wed, Nov 29, 2017 at 10:03:29AM -0500, John Newman wrote:
https://it.slashdot.org/story/17/11/28/2135236/macos-high-sierra-bug-allows-...
This is not absurd, this is how the real world works. Software comes with no warranty of any kind for a reason ;) The ironic part is how this feature survived so long - password bruteforcer would have caught the empty password in O(1).
On November 29, 2017 12:27:54 PM EST, Georgi Guninski <guninski@guninski.com> wrote:
On Wed, Nov 29, 2017 at 10:03:29AM -0500, John Newman wrote:
https://it.slashdot.org/story/17/11/28/2135236/macos-high-sierra-bug-allows-...
This is not absurd, this is how the real world works. Software comes with no warranty of any kind for a reason ;) The ironic part is how this feature survived so long - password bruteforcer would have caught the empty password in O(1).
That's why I called it absurd ;). How does something so simple to catch fall through the cracks of an ostensibly "large & professional" software shop? Fucking embarrassing for Apple.
Speaking of Big-O notation. Can anyone give me an example of something that is O(0)?
Marxos
On 11/29/17, John Newman <jnn@synfin.org> wrote:
On November 29, 2017 12:27:54 PM EST, Georgi Guninski <guninski@guninski.com> wrote:
On Wed, Nov 29, 2017 at 10:03:29AM -0500, John Newman wrote:
https://it.slashdot.org/story/17/11/28/2135236/macos-high-sierra-bug-allows-...
This is not absurd, this is how the real world works. Software comes with no warranty of any kind for a reason ;) The ironic part is how this feature survived so long - password bruteforcer would have caught the empty password in O(1).
That's why I called it absurd ;). How does something so simple to catch fall through the cracks of an ostensibly "large & professional" software shop?
Fucking embarrassing for Apple.
Top posting now ...
First thought was "thoughts", but the electron synapse reaction time is rather measurable I believe, and so in principle the manifestation of the thought as a set of images (or words or what have you), is most likely O(1).
Perhaps O(0) is things that could have happened, but did not happen?
Or rather than "have not happened yet", "could never happen" perhaps?
It's missing from here: https://en.wikipedia.org/wiki/Big_O_notation#Orders_of_common_functions and since it's not taken yet, let's call it the order of my thought (or is that disorder?) - on second thoughts, if ƒ(thought)≡O(0), perhaps that would mean I have no thoughts?
But what of the thought that thought this thought?
... meltdown of the universe in 3 … 2 … aaaarrrrggghhhhhhhh
On Wed, Nov 29, 2017 at 07:25:43PM +0000, \0xDynamite wrote:
Speaking of Big-O notation. Can anyone give me an example of something that is O(0)?
Marxos
On 11/29/17, John Newman <jnn@synfin.org> wrote:
On November 29, 2017 12:27:54 PM EST, Georgi Guninski <guninski@guninski.com> wrote:
On Wed, Nov 29, 2017 at 10:03:29AM -0500, John Newman wrote:
https://it.slashdot.org/story/17/11/28/2135236/macos-high-sierra-bug-allows-...
This is not absurd, this is how the real world works. Software comes with no warranty of any kind for a reason ;) The ironic part is how this feature survived so long - password bruteforcer would have caught the empty password in O(1).
That's why I called it absurd ;). How does something so simple to catch fall through the cracks of an ostensibly "large & professional" software shop?
Fucking embarrassing for Apple.
Top posting now ...
Shin! Sorry about that, thanks for pointing it out.
First thought was "thoughts", but the electron synapse reaction time is rather measurable I believe, and so in principle the manifestation of the thought as a set of images (or words or what have you), is most likely O(1).
Perhaps O(0) is things that could have happened, but did not happen?
In C, printf("Hello world.") is an O(1) function (the number of characters is constant), but in Python, I'm suggesting that it might be O(0) due to Python being designed as a high-level language, where the # of characters isn't considered for computing the function, but as seen as one operation.
That's my take...
Marxos
On Wed, Nov 29, 2017 at 10:46:12PM +0000, \0xDynamite wrote:
Top posting now ...
Shin! Sorry about that, thanks for pointing it out.
First thought was "thoughts", but the electron synapse reaction time is rather measurable I believe, and so in principle the manifestation of the thought as a set of images (or words or what have you), is most likely O(1).
Perhaps O(0) is things that could have happened, but did not happen?
In C, printf("Hello world.") is an O(1) function (the number of characters is constant), but in Python, I'm suggesting that it might be O(0) due to Python being designed as a high-level language, where the # of characters isn't considered for computing the function, but as seen as one operation.
That's called O(1), unless Python makes it worse.
On Wed, Nov 29, 2017 at 10:46:12PM +0000, \0xDynamite wrote:
Top posting now ...
Shin! Sorry about that, thanks for pointing it out.
First thought was "thoughts", but the electron synapse reaction time is rather measurable I believe, and so in principle the manifestation of the thought as a set of images (or words or what have you), is most likely O(1).
Perhaps O(0) is things that could have happened, but did not happen?
In C, printf("Hello world.") is an O(1) function (the number of characters is constant), but in Python, I'm suggesting that it might be O(0) due to Python being designed as a high-level language, where the # of characters isn't considered for computing the function, but as seen as one operation.
That's my take...
That's not what it means / how it works. I'm not much of a mathematician, but O(1) simply means a routine that will always take the same amount of time, regardless of the input data.
If you don't know the length of the string beforehand, and assuming for sake of example none of the arguments to printf are function calls, eg printf("math results: %.2f!\n", unknown_math_func(23)), then I suppose it's O(N) where N = the length of the string being printed.
I don't see why this would be any different for Python and its print function (again, assuming none of the arguments to a format string are function calls, e.g. - print "math results: %.2f!\n" % (unknown_math_func(23))).
I honestly don't know where you're getting the idea of O(0) from.. It made me start thinking of quantum entanglement and time travel. But I did eat a brownie earlier :P
Marxos
-- GPG fingerprint: 17FD 615A D20D AFE8 B3E4 C9D2 E324 20BE D47A 78C7
On Wed, Nov 29, 2017 at 11:19:32PM -0500, John Newman wrote:
On Wed, Nov 29, 2017 at 10:46:12PM +0000, \0xDynamite wrote:
Top posting now ...
Shin! Sorry about that, thanks for pointing it out.
First thought was "thoughts", but the electron synapse reaction time is rather measurable I believe, and so in principle the manifestation of the thought as a set of images (or words or what have you), is most likely O(1).
Perhaps O(0) is things that could have happened, but did not happen?
In C, printf("Hello world.") is an O(1) function (the number of characters is constant), but in Python, I'm suggesting that it might be O(0) due to Python being designed as a high-level language, where the # of characters isn't considered for computing the function, but as seen as one operation.
That's my take...
That's not what it means / how it works. I'm not much of a mathematician, but O(1) simply means a routine that will always take the same amount of time, regardless of the input data.
If you don't know the length of the string beforehand, and assuming for sake of example none of the arguments to printf are function calls, eg
Function calls are ok in the sense that what matters is the order of each function call (if there are any). O(1) functions will leave the caller as O(whatever the caller is).
printf("math results: %.2f!\n", unknown_math_func(23)), then I suppose it's O(N) where N = the length of the string being printed.
Ack.
I don't see why this would be any different for Python and its print function (again, assuming none of the arguments to a format string are function calls, e.g. - print "math results: %.2f!\n" % (unknown_math_func(23))).
I believe you're right on this (as much as it pains me to say so).
I honestly don't know where you're getting the idea of O(0) from.. It made me start thinking of quantum entanglement and time travel. But I did eat a brownie earlier :P
Marxos
-- GPG fingerprint: 17FD 615A D20D AFE8 B3E4 C9D2 E324 20BE D47A 78C7
First thought was "thoughts", but the electron synapse reaction time is rather measurable I believe, and so in principle the manifestation of the thought as a set of images (or words or what have you), is most likely O(1).
Perhaps O(0) is things that could have happened, but did not happen?
In C, printf("Hello world.") is an O(1) function (the number of characters is constant), but in Python, I'm suggesting that it might be O(0) due to Python being designed as a high-level language, where the # of characters isn't considered for computing the function, but as seen as one operation.
That's my take...
That's not what it means / how it works. I'm not much of a mathematician, but O(1) simply means a routine that will always take the same amount of time, regardless of the input data.
But what of a call like PRINT 1? It is different than a call like PRINT "How many characters will have to be output", yes? So, I believe there is a meaningful difference to actually make an O(0) designation for the sake of completeness.
Thank you. You may be seated.
Marxos
On November 30, 2017 10:54:58 AM EST, "\0xDynamite" <dreamingforward@gmail.com> wrote:
First thought was "thoughts", but the electron synapse reaction time is rather measurable I believe, and so in principle the manifestation of the thought as a set of images (or words or what have you), is most likely O(1).
Perhaps O(0) is things that could have happened, but did not happen?
In C, printf("Hello world.") is an O(1) function (the number of characters is constant), but in Python, I'm suggesting that it might be O(0) due to Python being designed as a high-level language, where the # of characters isn't considered for computing the function, but as seen as one operation.
That's my take...
That's not what it means / how it works. I'm not much of a mathematician, but O(1) simply means a routine that will always take the same amount of time, regardless of the input data.
But what of a call like PRINT 1? It is different than a call like PRINT "How many characters will have to be output", yes? So, I believe there is a meaningful difference to actually make an O(0) designation for the sake of completeness.
No, not the non-existent O(0). You're confused.
Thank you. You may be seated.
You may go back to your homework :)
Marxos
Apple just released a patch for this. Guess it is time to install this… :-)
On 29 Nov 2017, at 16:03, John Newman <jnn@synfin.org> wrote:
https://it.slashdot.org/story/17/11/28/2135236/macos-high-sierra-bug-allows-...
The title pretty much says it all - you can login as root with no password, or elevate to root privileges to make system changes with no password, on all the current MacOS High Sierra releases. There is a work around (I think you simply have to enable the root account, with a password), but man.. wtf !?
It shouldn't affect sshd - PermitRootLogin defaults to no. However it does appear to affect VNC / Apple Remote Desktop connections. LOL! How does something like this get past QA ?
-- GPG fingerprint: 17FD 615A D20D AFE8 B3E4 C9D2 E324 20BE D47A 78C7
participants (7)
- \0xDynamite
- Edward Low
- Georgi Guninski
- James Bunnell
- John Newman
- Quux
- Zenaan Harkness