undefined | Better HN

0 pointscryptoz1y ago0 comments

But how? - surely they don't store the passwords in plain text locally? Does the OS have a function to log in a user while bypassing their credentials? I would have assumed that it is impossible for the OS to preloadapps() when it doesn't have access to the user's apps in the first place.

But apparently it does! shrug

So why tell the user that they need to log in first? If they are the only user account on the system and the OS can access the user's files and apps without logging in, why have the user event set a password in the first place? It seems like a fake login, a false sense of security. And a massive security issue. If the user can just open the lid and that means that code is now running under their own account but they have not authorized a log in, that's just dangerous.

0 comments

delfinom1y ago

The OS at its core doesn't care about credentials. As long as there is a root process, which there is for init. It can simply execute a process as another user id.

With how modern macbooks and many other laptops work nowadays, you are rarely fully turning off the device and simply hibernating it constantly which keeps everything loaded in memory.

I don't deny there are security implications. But it's an Apple design choice. lol

j / k navigate · click thread line to collapse

0 comments

delfinom1y ago

The OS at its core doesn't care about credentials. As long as there is a root process, which there is for init. It can simply execute a process as another user id.

With how modern macbooks and many other laptops work nowadays, you are rarely fully turning off the device and simply hibernating it constantly which keeps everything loaded in memory.

I don't deny there are security implications. But it's an Apple design choice. lol

j / k navigate · click thread line to collapse