Mac OS X USB Keyboard Root Access Advisory Title: USB Keyboard Init Crash -> Root Access Release Date: 2003 October 31 Affected Products: Mac OS X 10.2.7 and prior (possibly 10.2.8) Severity: Moderate Impact: Root Access Where: Local System Author: Jason Storm (jms@lasergun.org) VULNERABILITY With access to a USB Keyboard connected to the computer running Mac OS X 10.2.7 and prior (and possibly 10.2.8) the user can hold down control-c during startup to be dropped to the administrative full controlling root shell prompt due to init crashing. init will crash within three minutes into the booting process and will drop you into a root shell. With access to the root shell there is full control over the system including deleting and modifying files that are critical to the system. Jason notes that this security bug in the system is dependant on the USB keyboard being used and it will work with G3 powerbook with a external USB keyboard attached to it. Internal Development Feature The bug was origionally presented to Apple in 1998 but was told it was a 'internal development feature' that would be removed and was reported later on it was still present but wasn't removed. This bug or 'feature' is not present in Mac OS X Panther with the documented control-c bootup process. Included is a copy of the e-mail submited to us and bugtraq. Interact: Could not connect