Last active
November 29, 2017 15:33
-
-
Save p4gs/6c4902af27464a3e8616a711f00300f7 to your computer and use it in GitHub Desktop.
Change the macOS root account password to something random and never look back (mitigates this irresponsibly disclosed vuln: https://twitter.com/lemiorhan/status/935578694541770752)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Disallow exporting of new local shell variables | |
| set +a | |
| # Generate random password, 32 chars with mix of upper/lowercase alpha, | |
| # numbers, symbols | |
| pw=$(env LC_CTYPE=C tr -dc 'a-zA-Z0-9_\$\?' < /dev/urandom | head -c32) | |
| # Set root user's password | |
| dscl . passwd /Users/root "$pw" | |
| # Test if you're brave | |
| # echo $pw | |
| # Delete value of pw variable | |
| unset -v pw | |
| # Allow exporting of new shell variables again | |
| set -a |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Disclaimer: I've only tested this on myself a few times :P