[Swordmaker]

Possible Security exploit that MIGHT impact OSX... but it requires "root access" for the exploit to work.

Mac OS X behaves in a similar fashion to Windows: Given root rights kernel extensions can be loaded, which can then issue ATA commands.

The authors seem to be misctaking OSX's "root kernal rights" with OSX's Administrator level permissions ("as for Mac OS X, entering one's administrator password to install any old piece of shareware has become common practice..."). Activating "root" is a access level above OSX Administrator access which requires more than just entering the Administrator password.

This potential exploit presupposes the existance of an OSX virus that invades the system, elevation of access privileges, and finally the ability to mine the "Root level" access password IF Root access has been activated before the OSX system might be impacted.

Although I believe there is "no there, there" in this exploit, I am pinging the Mac Ping list to this article. They offer a "fix" that requires Mac users to activate Root... which could make one's Mac vulnerable to this and other exploits. That is not a good idea, to my mind.

In any case... PING!

If you want to be on or off the Mac Ping list, Freepmail me.

[general_re]

I don't think, frankly, that this is worth worrying about on any platform. The main danger seems to be if someone has physical access to the machine, but if bad guys have physical access to your machine, locked hard drives should be the least of your worries.