security problem: copy system keychain

jridgewell / Unlock

Unlock multiple Core Storage encrypted volumes at boot.

MIT License

197 stars 34 forks source link

security problem: copy system keychain #11

Closed SteveKueng closed 10 years ago

SteveKueng commented 10 years ago

Hey there!

Your tool is really cool, but I tested something and I thing this is a little security problem.

1st partition ist NOT encrypted (Macintosh HD) 2nd partition is encrypted (Users)

So when I boot in target mode and go in to de Macintosh HD copy the system keychain to an other machine, install unlock on the this machine and boot, I can mount the Users partition without a password. I tested this on two Macs (10.9 and 10.8)

best regards Steve

jridgewell commented 10 years ago

Hi Steve,

You are right, you can copy over the system keychain in target disk mode. However, it is still encrypted using the SystemKey, which is has privileged read/write only (not hard to get around, though).

The only protections against this are

to setup a firmware password, which will prevent target disk mode (and single user mode) without the password.
to encrypt the Macintosh HD drive.

SteveKueng commented 10 years ago

okey thanks :)

than the only way is encrypt the boot volume, because the firmware password isn't secure enough... My users will hate me... ;)