Huge macOS Bug Allows Root Login Without a Password. Here's the Fix


A newly-discovered vulnerability in macOS High Sierra allows anyone with access to your laptop to quickly create a root account without entering a password, bypassing any security protocols you have set up.


It’s easy to exaggerate security problems. This isn’t one of those times. This is really bad.


You can access it via System Preferences>Users & Groups>Click the lock to make changes. Then use "root" with no password. And try it several times. Result is unbelievable! pic.twitter.com/m11qrEvECs


— Lemi Orhan Ergin (@lemiorhan) November 28, 2017


How the Exploit Works

Warning: do not do this on your Mac! We’re showing you these steps to point out just how simple this exploit is, but actually following them will leave your computer insecure. Do. Not. Do. This. 


The exploit can be run in many ways, but the simplest way to see how it works is in System Preferences. The attacker needs only to head to Users & Groups, click the lock at bottom-left, then try to log in as “root” with no password.



The first time you do this, amazingly, a root account with no password is enabled: the "failed" attempt sets root's password to the blank one you supplied. The second attempt then authenticates against that blank password and actually logs you in as root. In our tests this works regardless of whether the current user is an administrator.


This gives the attacker access to all administrator preferences in System Preferences…but that’s only the beginning, because you’ve created a new, system-wide root user with no password.


After going through the above steps, the attacker can then log out, and choose the “Other” option that appears on the login screen.



From there, the attacker can enter “root” as the username and leave the password field blank. After pressing Enter, they’ll be logged in with full system administrator privileges.



They can now read any file on the drive, even one that FileVault would otherwise protect: FileVault only encrypts data at rest, and once the Mac is booted and unlocked, root can read everything. They can change any user's password, then log in as that user and get at things like email and browser data. (One caveat: resetting a password from root does not re-key that user's login keychain, so secrets stored in Keychain, such as Safari's saved passwords, are not automatically exposed; anything kept in plain files is.)


This is full access. Anything you can imagine an attacker can do, they can do with this exploit.


And depending on which sharing features you have enabled, it could be possible for this to happen all remotely. At least one user triggered the exploit remotely using Screen Sharing, for example.


If certain sharing services enabled on target – this attack appears to work remote ☠️ (the login attempt enables/creates the root account with blank pw) Oh Apple pic.twitter.com/lbhzWZLk4v


— patrick wardle (@patrickwardle) November 28, 2017


If you have screen sharing enabled it’s probably a good idea to disable it, but who can say how many other potential ways there are to trigger this problem? Twitter users have demonstrated ways to launch this using the Terminal, meaning SSH is a potential vector as well. There’s probably no end of ways this can be triggered, unless you actually set up a root account yourself and lock it down.


How does this all actually work? Mac security researcher Patrick Wardle explains everything here with a lot of detail. It’s pretty grim.


Updating Your Mac May or May Not Fix the Problem

As of November 29, 2017, there is a patch available for this problem.


This is one time when you really, really shouldn’t ignore this prompt.

But Apple even messed up the patch. If you were running 10.13, installed the patch, and then upgraded to 10.13.1, the problem was reintroduced: the 10.13.1 installer, released a few weeks earlier, did not contain the fix, so upgrading undid it. Apple should have patched 10.13.1 itself in addition to releasing the general patch. They did not, meaning some users are installing "updates" that roll back the security patch and bring back the exploit.


So while we still recommend updating your Mac, you should probably also follow the steps below to close the bug yourself.


In addition, some users are reporting that the patch breaks local file sharing.  According to Apple you can solve the problem by opening the Terminal and running the following command:


sudo /usr/libexec/configureLocalKDC


File sharing should work after this. This is frustrating, but bugs like this are the price to pay for quick patches.


Protect Yourself by Enabling Root With a Password

Even though a patch has been released, some users may still experience the bug. There is, however, a manual solution that will fix it: you just need to enable the root account with a password.


To do this, head to System Preferences > Users & Groups, then click the “Login Options” item in the left panel. Then, click the “Join” button beside “Network Account Server” and a new panel will pop up.



Click “Open Directory Utility” and a new window will open.



Click the lock button, then enter your username and password when prompted.



Now click Edit > Enable Root User in the menu bar.



Enter a secure password.



The exploit will no longer work, because your system will already have a root account enabled with a real password attached to it; the bug only bites when root has no password set.
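The checks and the fix described above, done from the Terminal instead of the Directory Utility GUI, as an added shell example that is not part of the original article or of Apple's advisory. It assumes real macOS tools (`what`, `dscl`, `dsenableroot`, `systemsetup`, `launchctl`, `sw_vers`); the version-string parsing and the classification of root's state are mine. Two things are assumptions to verify: the two opendirectoryd project versions (483.1.5 for 10.13 and 483.20.7 for 10.13.1) are the ones Apple published as carrying the reissued Security Update 2017-001, and the `AuthenticationAuthority` markers (`No such key`, `;DisabledUser;`, `;ShadowHash;`) are what each root state prints. The text-parsing functions take captured command output as arguments so they can be run and tested off a Mac; the live queries run only on Darwin.

```shell
#!/bin/sh
# Added example, not from the original article or from Apple: a triage helper for
# the High Sierra blank-root-password bug. Run it on the Mac as root
# (`sudo sh triage.sh`) so the system-domain service checks can see the daemons.
# ASSUMPTION: these two opendirectoryd project versions are the ones Apple's note
# for the reissued Security Update 2017-001 lists as fixed on 10.13 and 10.13.1;
# confirm against Apple's current advisory before relying on them.
PATCHED_OD_10_13_0="483.1.5"
PATCHED_OD_10_13_1="483.20.7"

# Succeed when dotted numeric version $1 is >= $2, compared field by field.
ver_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "\\."); m = split(b, y, "\\."); k = (n > m) ? n : m
        for (i = 1; i <= k; i++) {
            p = (i <= n) ? x[i] + 0 : 0; q = (i <= m) ? y[i] + 0 : 0
            if (p > q) exit 0
            if (p < q) exit 1
        }
        exit 0
    }'
}

# Given the output of `what /usr/libexec/opendirectoryd`, print patched, unpatched
# or unknown. Two branches carry the fix: 483.1.5 and later on 10.13.0, and
# 483.20.7 and later on 10.13.1; an unpatched 10.13.1 (483.20.x below .7) sits
# between them and must be reported as unpatched, which is the upgrade-rollback
# case the article describes.
od_patch_state() {
    ver=$(printf '%s\n' "$1" | sed -n 's/.*opendirectoryd-\([0-9][0-9.]*\).*/\1/p' | head -n 1)
    if [ -z "$ver" ]; then
        echo "unknown"
    elif ver_ge "$ver" "$PATCHED_OD_10_13_1"; then
        echo "patched"
    elif ver_ge "$ver" "$PATCHED_OD_10_13_0" && ! ver_ge "$ver" "483.20"; then
        echo "patched"
    else
        echo "unpatched"
    fi
}

# Given the output of `dscl . -read /Users/root AuthenticationAuthority`, print the
# root account state. ASSUMPTION about the markers: a never-enabled root has no
# AuthenticationAuthority key (dscl says "No such key"), `dsenableroot -d` leaves
# ";DisabledUser;", and an enabled root carries ";ShadowHash;". A blank-password
# root produced by the bug therefore shows up as "enabled": if you never enabled
# root yourself and see that, assume someone triggered the bug on this machine.
root_account_state() {
    case $1 in
        *DisabledUser*) echo "disabled" ;;
        *ShadowHash*)   echo "enabled" ;;
        *)              echo "never-enabled" ;;
    esac
}

# Live checks, meaningful only on macOS. The service checks cover the remote
# vectors from the article: Screen Sharing and Remote Login (SSH) both reach the
# same login path.
triage() {
    if [ "$(uname -s)" != "Darwin" ]; then
        echo "not macOS: skipping live checks"
        return 0
    fi
    echo "macOS version:  $(sw_vers -productVersion)"
    echo "opendirectoryd: $(od_patch_state "$(what /usr/libexec/opendirectoryd)")"
    echo "root account:   $(root_account_state "$(dscl . -read /Users/root AuthenticationAuthority 2>&1)")"
    if launchctl list 2>/dev/null | grep -q com.apple.screensharing; then
        echo "screen sharing: loaded (turn it off until the patch is confirmed)"
    fi
    echo "remote login:   $(systemsetup -getremotelogin 2>/dev/null || echo 'run as root to query')"
    echo
    echo "To close the hole by hand, give root a real password interactively"
    echo "(do not pass it on the command line; it would land in shell history and ps):"
    echo "    sudo dsenableroot"
}

triage
```

`dsenableroot` with no arguments prompts for an admin username, that admin's password and the new root password, which is the terminal equivalent of Edit > Enable Root User in Directory Utility. After applying Apple's update, re-run the script: `opendirectoryd` should report `patched`, and if it flips back to `unpatched` after a later 10.13.1 upgrade you have hit the rollback described above and need to install the security update again.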


Keep Installing Updates

Let’s make this clear: this was a huge mistake on Apple’s part, and the security patch not working (and breaking file sharing) is even more embarrassing. Having said that, the exploit was bad enough that Apple had to move quickly. We think you should absolutely install the patch available for this problem and enable a root password. Hopefully soon Apple will fix these issues with another patch.


Update your Mac: don’t ignore those prompts. They’re there for a reason.


Translated from: https://www.howtogeek.com/334611/huge-macos-bug-allows-root-login-without-a-password.-heres-the-fix/
