Wednesday, October 31, 2007

Careful with the New Leopard Guest Account

From "A Roundup of Leopard Security Features:"

Guest Account

What It Is.

The Leopard “Guest” account erases itself at logout, providing an ostensible “clean” environment for people to use your machine without cluttering it with garbage, accessing your personal information, or betraying their own personal information.

Why You Care.

Sometimes people want to use your computer. In Tiger, if you let them, they can hijack your machine.

What Leopard Gets Right.

The idea of a secure guest account is useful.

What Leopard Gets Wrong.

Everything but the idea of a secure guest account.

For example:

  • Leopard Guest users can install cron jobs. These are scheduled background tasks, run out of launchd, that will execute even if the Guest user is not logged in. Leopard Guest cron jobs persist after logout.

  • Leopard Guest users can change the wireless network you’re connected to. Even after logout, when you switch to your “real” account, your Guest’s wireless network selection appears to persist.

  • Leopard Guest users can mount remote filesystems. Even after they log out, the mount in “/Volumes” remains.

The long and the short of it? Leopard Guest users can remain resident on your machine, even after their home directory has been deleted by the Leopard log out process. They can install daemons that listen on network ports to allow themselves back in. Or they can wait in the background for the next “Guest” to log in and steal all their information.

My Verdict.

Pretend like this feature doesn’t exist.

A slightly less harsh verdict would be that this is OK for when your mom wants to use your computer, or vice versa, but it does not mean a student can borrow your computer without your having to worry about him or her screwing up your system, intentionally (particularly) or accidentally.
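
One way to check a machine for the residue listed above (crontab entries, still-running processes, and leftover mounts in “/Volumes”) after a Guest session ends. This is an added example, not code from the quoted article or from Apple. It assumes the account's short name is "Guest", that per-user crontabs live in /usr/lib/cron/tabs, and that the process and mount listings are saved output of `ps -axo user,pid,command` and `mount`; the sample data is constructed.

```shell
#!/bin/sh
# Added example (not from the article): list what a logged-out Guest session
# left behind. Assumed: short name "Guest"; crontabs in /usr/lib/cron/tabs;
# inputs are saved output of `ps -axo user,pid,command` and `mount`.

# guest_residue USER TABS_DIR PS_FILE MOUNT_FILE -> one finding per line
guest_residue() {
    user=$1; tabs=$2; psfile=$3; mountfile=$4
    # 1. Crontab entries that outlived the deleted home directory.
    if [ -s "$tabs/$user" ]; then
        grep -Ev '^[[:space:]]*(#|$)' "$tabs/$user" | sed 's/^/CRON  /'
    fi
    # 2. Processes still running as the user (skip the ps header row).
    awk -v u="$user" 'NR > 1 && $1 == u { print "PROC  pid=" $2 " " $3 }' "$psfile"
    # 3. Volumes the user mounted that are still attached
    #    (a mount point containing spaces is cut at the first space).
    awk -v u="$user" '$2 == "on" && $3 ~ /^\/Volumes\// &&
        $0 ~ ("mounted by " u "\\)$") { print "MOUNT " $3 }' "$mountfile"
}

# Constructed sample state, as it might look after the Guest user logged out.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/tabs"
    printf '%s\n' '# constructed sample crontab' \
        '*/5 * * * * /tmp/helper' > "$d/tabs/Guest"
    printf '%s\n' 'USER PID COMMAND' \
        'root 1 /sbin/launchd' \
        'Guest 412 /tmp/helper --daemon' \
        'alice 388 /usr/bin/ssh-agent' > "$d/ps.txt"
    printf '%s\n' '/dev/disk0s2 on / (hfs, local, journaled)' \
        '//Guest@fileserver/share on /Volumes/share (smbfs, nodev, nosuid, mounted by Guest)' \
        > "$d/mount.txt"
    guest_residue Guest "$d/tabs" "$d/ps.txt" "$d/mount.txt"
    rm -rf "$d"
}
demo
```

On a live system, run it as root against /usr/lib/cron/tabs and freshly captured `ps` and `mount` output; any line it prints after Guest has logged out is state that survived the home-directory wipe.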

1 comment:

Patrick Gallagher said...

Good article. I completely agree. I wish Apple gave us a way to completely erase the Guest account. Next best thing