SecureMac, Inc.

Disabling Single User Boot Mode for Mac OS X

June 2, 2001

Marukka, a programmer at MSEC (Macintosh Security Group), has created a modified version of mach_init that removes Mac OS X's ability to boot into single-user mode.

The MSEC single-user patch disables the ability to boot into single-user mode under OS X. If this patch is not applied, anyone with physical access to the Mac OS X machine can easily gain root access by holding down the Command and S keys at startup.


However, if you are not worried about someone having console access to the Macintosh, we do not suggest patching the system. Single-user mode is there for emergency purposes, and if it is disabled you could put yourself in an awkward situation. In other words, do not use this patch unless you know what you are doing and are sure you want to disable single-user boot mode through this method. An alternative solution could be applying password protection through the firmware settings.

The patch disables this by installing a modified version of /sbin/mach_init. The patch does NOT back up the insecure version of /sbin/mach_init, so if for some strange reason you want to revert to the insecure copy of mach_init, you must restore that file from your own backups.
