Apple STILL Has Not Eliminated the "Root" Bug in High Sierra

[honestone]

Earlier this week, I made a couple of posts in one thread on this forum about the "root login" bug in High Sierra, along with the subsequent "update" from Apple that fixes it. Well, this is certainly not encouraging:

https://www.macworld.com/article/32...admin-access-to-your-macbut-theres-a-fix.html

So, if one has OS 10.13, then followed Apple's advice about eliminating that root user flaw, and then upgraded to V10.13.1, the root user security flaw reappears! Don't know what Apple was thinking there!

Man, am I glad I have held off "upgrading" to High Sierra. In actuality, once the High Sierra update for Tech Tool Pro came out, I was going to wait for the soon-to-be release of OS 10.13.2, and hoping that root user bug would be gone with a full, clean installation of OS 10.13.2. Now I'm not so sure.

 

[Allen Davis]

Glad to know TechTool Pro is now High Sierra-friendly, but I still ain't gonna upgrade yet. Unless I know I'm not going to need Contacts, I often login to my iMac and MacBook as root, especially when cloning or backing up. The only pain in the butt I've encountered is having to type in every single username and password for the various websites I visit. This sort of defeats my purpose for logging in as root because I'm trying to avoid having to type my dang password in every time I sneeze and blink. Then again, I don't do much web stuff as root.

But my curiosity is piqued: just what was/is the "root user bug???"

 

[honestone]

Tech Tool Pro is still not compatible with High Sierra. Not sure where you saw that, but I just went onto Micromat's site when I saw your post, and there is no High Sierra update yet available (also, when I launch the latest version of select "Check For Updates", it just says that I am running the most current version).

As for the "root user bug", here is a link to the initial thread I posted about this:

https://www.mac-help.com/threads/high-sierra-security-issue.224098/

By the way, I did recently see that security "bug" will be "squashed" with the upcoming OS 10.13.2 update (will supposedly be coming out soon).

 

[Diane]

Earlier this week, I made a couple of posts in one thread on this forum about the "root login" bug in High Sierra, along with the subsequent "update" from Apple that fixes it. Well, this is certainly not encouraging:

https://www.macworld.com/article/32...admin-access-to-your-macbut-theres-a-fix.html

So, if one has OS 10.13, then followed Apple's advice about eliminating that root user flaw, and then upgraded to V10.13.1, the root user security flaw reappears! Don't know what Apple was thinking there!

Man, am I glad I have held off "upgrading" to High Sierra. In actuality, once the High Sierra update for Tech Tool Pro came out, I was going to wait for the soon-to-be release of OS 10.13.2, and hoping that root user bug would be gone with a full, clean installation of OS 10.13.2. Now I'm not so sure.

Has this been fixed this week? I was not given a choice to not upgrade to high sierra & have been having strange problems every since. Is there a way I can go back to a lesser version of the software?

 

[honestone]

I made a post yesterday that Appel released Version 10.13.2 of High Sierra. From what I can tell, it "permanently" fixes that "root user" security flaw. Here is the link to that post:

https://www.mac-help.com/threads/new-version-of-high-sierra-os-10-13-2-released.224141/

This link tells you how to get it:

http://osxdaily.com/2017/12/06/macos-high-sierra-10-13-2-update/

The only way to go back to an earlier version of High Sierra is if you have a copy of the respective "Install macOS High Sierra". If, though, you upgraded "in place", then you would not have it.

 

[Diane]

I made a post yesterday that Appel released Version 10.13.2 of High Sierra. From what I can tell, it "permanently" fixes that "root user" security flaw. Here is the link to that post:

https://www.mac-help.com/threads/new-version-of-high-sierra-os-10-13-2-released.224141/

This link tells you how to get it:

http://osxdaily.com/2017/12/06/macos-high-sierra-10-13-2-update/

Thank you! Will give it a try.

 

[Spawn_Dooley]

Is there a way I can go back to a lesser version of the software?

Hopefully you can solve your issues with High Sierra but otherwise here is a thread from Apple Discussions covering downgrading the OS from a Time Machine backup made prior to the upgrade:

Can i downgrade High Sierra to Sierra?

 

[honestone]

One of the suggestions via that link above was "Yes, by restoring from a Time Machine backup created prior to upgrading macOS.". I always thought Time Machine backups were not bootable, and thus do not contain all the OS "pieces". That is one of primary reasons why I use SuperDuper! for my backups (along of course with having a copy of the needed "Install macOS whatever" file somewhere on that backup (I know where it is)).