1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News Google coughs to macOS boot-fail bug

Discussion in 'Article Discussion' started by bit-tech, 26 Sep 2019.

  1. bit-tech

    bit-tech Supreme Overlord Lover of bit-tech Administrator

    Joined:
    12 Mar 2001
    Posts:
    3,676
    Likes Received:
    138
    Read more
     
  2. Chicken76

    Chicken76 Minimodder

    Joined:
    10 Nov 2009
    Posts:
    952
    Likes Received:
    32
    How can an application damage a filesystem? I thought apps (and app updaters) only access the filesystem through OS calls, which should not damage a filesystem. Regular apps should never touch the filesystem directly. Am I crazy to think that, or just old-fashioned/outdated?
     
    MLyons likes this.
  3. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,066
    Likes Received:
    6,610
    I'mma go with "because macOS is an absolute poopshow of an operating system" as my final answer on that one.
     
    yuusou and Chicken76 like this.
  4. kaorihinata

    kaorihinata What's a Dremel?

    Joined:
    24 Sep 2015
    Posts:
    4
    Likes Received:
    0
    The support post linked to in the article probably explains the details a bit better, but to summarize, macOS has a security feature called System Integrity Protection (or SIP) which protects certain parts of the operating system from being modified even by the root user (the ultimate superuser, in this case). Some users disable SIP--either parts of it, or in its entirely--so that they can perform certain forbidden administrative actions such as loading unsigned kernel extensions, or modifying protected filesystem locations. In the case of this bug, users had disabled SIP's filesystem protections and then allowed the Chrome updater, Keystone, to run with elevated privileges. This appears to have resulted in the /var symlink being removed, and replaced with either nothing, or an actual directory containing whatever the updater put there and nothing else. The /var symlink is a link to /private/var, and as /private/var contains a considerable amount of system databases, this makes it kinda hard to recover from given that /var is the canonical location of that directory, and now it's effectively missing. Thankfully the Keystone updater doesn't actually destroy the /private/var directory, only the /var symlink, because if it had then only thing in the support post would have been, "Oops."
     
  5. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,066
    Likes Received:
    6,610
    Minor point of fact: macOS from 10.11 up has a security feature called System Integrity Protection (or SIP); while those on 10.11 or higher would have needed to deliberately disable SIP to be affected, anyone on 10.10 or below would have been hit even on default settings.
     
Tags: Add Tags

Share This Page