SecureMac, Inc.

Computer security news. Just for Macs.

Get the latest computer security news for Macs and be the first to be informed about critical updates. Industry news, security events and all you need right at your fingertips. Malware threats change daily, so keep up to date on the latest developments to help ensure your privacy and protection. You can never be too safe.

Disabling Single User Boot Mode for Mac OS X

Posted on June 2, 2001

Marukka, a programmer at MSEC (Macintosh Security Group) has created a modified version of the mach_init that will make it so Mac OS X does not have the ability to boot into single user mode.

The MSEC single-user patch disables the ability to boot into single-user mode under OS X. If this patch is not applied then anyone with physical access to the Mac OS X machine can gain root access easily by holding down the command and s keys at startup.

However, if you are not worried about someone having console access to the macintosh we do not suggest patching the system. Single user mode is there for emergency purposes and if disabled you could put yourself in a awkward situation. In other words, Do not use this patch unless you know what you are doing and are sure you want to disable single user boot mode through this method. Alternative solution could be applying password protection through the firmware settings

The patch disables this by installing a modified version of /sbin/mach_init. The patch does NOT backup the insecure version of /sbin/mach_init so if for some strange reason you want to revert to the insecure copy of mach_init you must restore that file from your own backups.

Join our mailing list for the latest security news and deals