FileVault security loophole
"Admin User 1 (who uses FileVault) logs in - the encrypted sparse disk image is decrypted and mounted. The machine is then Fast User Switched to Admin User 2 - the [FileVault-enabled account remains mounted], with files available to be read by other admin users (including Admin User 2) using super-user privileges (such as "sudo cat /Users/adminuser1/somesecretfile.txt" at the command line).
"If remote login is enabled, it leads to a very similar situation: Admin User 1 logs in - the encrypted sparse disk image is decrypted and mounted. Admin User 2 remote logs in via SSH to his admin account. Using sudo, Admin User 2 can access Admin User 1's files as above."
We should point out that FileVault is only as secure as the least secure admin-level account: an unscrupulous admin user could just as easily use Accounts preferences to change the password of another account (admin or normal) and then log in to access that user's FileVault-encrypted data.
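As an added defensive check (not part of the original report or of Apple's tools), the following shell snippet audits the condition described above: it reads `mount` output and lists every home-directory volume that is still attached, marking whether its owner is the user at the console or a switched-away session whose decrypted data any admin can read with sudo. The mount-line format and the sample lines are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit decrypted legacy-FileVault homes that remain mounted.
# A FileVault home is a sparse image mounted directly on /Users/<name>, so any
# mount whose mount point is /Users/<name> is treated as a decrypted home.

# list_fv_homes MOUNT_OUTPUT CONSOLE_USER
# Prints "<user> console" or "<user> background" for each mounted home volume.
list_fv_homes() {
    printf '%s\n' "$1" | awk -v console="$2" '
        # Field 3 is the mount point in "dev on mountpoint (options)" lines.
        $3 ~ /^\/Users\/[^\/]+$/ {
            user = $3; sub(/^\/Users\//, "", user)
            print user, (user == console ? "console" : "background")
        }'
}

# count_background_homes MOUNT_OUTPUT CONSOLE_USER
# Returns the number of mounted homes belonging to users not at the console.
count_background_homes() {
    list_fv_homes "$1" "$2" | grep -c ' background$'
}

# Constructed sample resembling `mount` after adminuser1 logged in (home
# decrypted and mounted) and the machine was Fast User Switched to adminuser2.
SAMPLE_MOUNT='/dev/disk0s2 on / (hfs, local, journaled)
devfs on /dev (devfs, local)
/dev/disk1s2 on /Users/adminuser1 (hfs, local, nodev, nosuid, journaled, mounted by adminuser1)
/dev/disk2s2 on /Users/adminuser2 (hfs, local, nodev, nosuid, journaled, mounted by adminuser2)'

# On a live Mac, replace the sample with the real values:
#   list_fv_homes "$(mount)" "$(stat -f %Su /dev/console)"
list_fv_homes "$SAMPLE_MOUNT" adminuser2
n=$(count_background_homes "$SAMPLE_MOUNT" adminuser2)
[ "$n" -gt 0 ] && echo "WARNING: $n decrypted home(s) readable by any admin via sudo"
```

A non-zero count means a switched-away user's FileVault data is exposed to every other admin account until that user logs out; logging out (not just switching) unmounts the image.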