On Mac OS X Server, the root account starts out with the same password as the first user account created. Why is this less of a security flaw than it might seem to be?
Why are setuid shell scripts inherently unsafe?
If you use launchctl to load a job when you do not have root privileges, a new copy of launchd is started. Why does Mac OS X not simply load your job into the copy of launchd that is already running as process 1?
Some versions of Mac OS X contain a vulnerability that allows a local user to gain root privileges. Explain how this kind of vulnerability negates the value of a chroot jail.