back to article Get root on an OS X 10.10 Mac: The exploit is so trivial it fits in a tweet

You can bypass Apple's space-age security, and gain administrator-level privileges on an OS X Yosemite Mac, using code that fits in a tweet. Yosemite, aka version 10.10, is the latest stable release of the Mac operating system, so a lot of people are affected by this vulnerability. The security bug can be exploited by a logged …


  1. Anonymous Coward
    Anonymous Coward

    to me it sounds like

    The enviroment variable is used to redirect print output to a file and the problem comes in because the process using the variable has its got root access or the sudousers file is write enabled for non-root accounts.

    So the solution to retain security is to prevent modification of security files via sudo, personally I never liked sudo anyway and it was always easy enough to open a root shell. Even keeping sudo they could just move the print to file into userland

    Making things easier by usurping your security is Microsoft's mindset and disease like this really shouldnt cross the species barrier, time for Apple devs to get their heads straight

  2. outer

    Doing the Thang

    Once you get his signed kext Bandaid, then you need to figure out how to make it load.

    1st, after copying it into /System/Library/Extensions, you need to get the file ownership & permissions right, and strip off all the Apple Quarantine attributes.

    2nd, you need to craft & install a /Library/LaunchDaemons plist file as a sparkplug to fire it up.

    It works, but maybe not for the casual or feint of heart user. He might have made it easier,

    but hey, he has to earn a living too, and if you don't know what you're doing by this point

    you probably should not be doing this.


    1. Anonymous Coward
      Thumb Up

      Re: Doing the Thang

      He has made it easier with an autoloading package now. It works. Remember to reboot your system though.

      Agree fully that if you aren't comfortable with the shell and the internals of your OS then you should not be compiling it from source.

      1. outer

        Re: Doing the Thang

        Remember to contribute to his welfare.

  3. outer

    Maybe remember to contribute to his welfare?

  4. Anonymous Coward
    Anonymous Coward

    Excellent editing! :)

  5. Henry Wertz 1 Gold badge

    "Because of SUID, the *nix security model is not a security boundary. A security boundary guarantees that every access is checked against an access policy or permission set. By design, the *nix model is that if you are root you bypass all security checks."


    "It is a deliberate hole, drilled in the model out of necessity since the model is otherwise not capable of expression necessary permissions in modern environments."

    Well, modern unixes do have numerous groups for things like audio, scanner (if you have a scanner connected), and so on, members of a group can access a resource and otherwise you can't. This allows more granular access than "user" or "root", but nevertheless it's true root is used quite a bit.


POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019