Mac Admins Flashcast Special: The #iamroot Situation
Mike Lynn of Facebook and Rich Trouton join the pod’s very first Flashcast to talk about the #iamroot situation, a serious privilege escalation in Mac 10.13.0 – 10.13.2 beta 5 that allows password-free access to the root account. Solutions are discussed, as well as mitigation strategies for situations like this in the future.
- Pepijn Bruienne, R&D Engineer at Duo Security [@bruienne], Proprietor of EnterpriseMac.Bruienne.com
- Tom Bridge, Partner at Technolutionary LLC [@tbridge]
- James Smith, IT Administrator at Culture Amp [@smithjw]
- Mike Lynn, Client Platform Engineer, Facebook [@mikeymikey]
- Rich Trouton, [Der Flounder]
Links & Notes
Blocking logins to the root account on macOS High Sierra
Developer Forums Post from 13 November 2017 Describing This Behavior
Pycreateuserpkg from Greg Neagle
Apple KBase, updated 28 November 2017: How to enable the root user on your Mac or change your root password
Rate Us On iTunes!
Sponsor Mac Admins Podcast!
If you’re interested in sponsoring the Mac Admins Podcast, please email email@example.com for more information.
Get the latest about the Mac Admins Podcast, follow us on Twitter! We’re @MacAdmPodcast!