Probably of no use to hackers but demonstrates the faith we place in vendors of free software to not do any harm.
On Tuesday, Google halted deployment of a Chrome update that damaged the file system on some macOS computers and rendered them unable to boot up as normal. The issue affected enough Mac Pro workstations to warrant attention from Avid, a maker of professional audio and video applications. The company on Tuesday reassured …
If Google Chrome has automatic updates enabled (not on by default and need admin elevation), it does this through a LaunchAgent in Library.
This has elevated privileges so can mess with everything IF someone actively disables SIP.
To disable SIP, you have to reboot into recovery mode first, then issue the command - csrutil disable
It's only going to mess with people who have actively subverted the OS X security for whatever reason.
Adobe did a similar thing a while ago where an updater/installer started deleting things it shouldn't as part of it's cleanup process.
> It's only going to mess with people who have actively subverted the OS X security for whatever reason.
Or those with older versions of MacOS, without SIP. I guess Avid users were disproportionately getting caught because they were adding 3rd Party GPUs and were disabling SIP to install various kernal extensions.
"It's only going to mess with people who have actively subverted the OS X security for whatever reason"
One "whatever reason" being able to trace and debug programs with raised priviliedges to find out how they work and exactly what they're doing. Otherwise with SIP enabled dtruss and lldb just tell you to go do one.
ever heard of /var/log ????
All sorts of useful information get put in there. Could Google be slurping it and then deleting it to hide any tracks that might expose their crimes.
IMHO, because of this, Chrome should be banned from the appStore until they behave properly. But this is Google (who is evil through and through) we are talking about.
I've just added another 100+ google slurping and ad slinging domains to my firewall.
"IMHO, because of this, Chrome should be banned from the appStore until they behave properly"
I'm not at my Mac at the moment, but IIRC Chrome is installed on Mac by downloading a .dmg, not through the MacOS App Store. So the only control Apple has is to somehow remove it from their list of signed software (which is easily circumvented).
Google is nothing if not persistent. I have Chrome on my work laptop and I installed Google Earth as well. Thinking it would be useful on my home computer, I installed Google Earth there as well. To my surprise, at next boot I found out my home computer had Chrome installed as well.
I didn't want Chrome, so I removed it. The following boot I found it there again. I'll spare you the details (rummaging around the Registry, checking startup options, controlling services, etc) but suffice it to say that after four days of these shenanigans, I gave up and removed anything Google from my home computers and Google is blacklisted on my personal hardware.
I updated Earth a couple of years ago (mid 2010 Macbook Pro) and it was unusable. So I tried to use Time Machine to go back to the old one and it kept getting reinstalled, like a virus or a worm.
I forget how I killed the process but it was not a consumer level fix. My version of Earth is now no longer updated on startup with new data, it just runs. Things like bus stop data are out of date. If I need more up to date stuff I have to use Maps on my Android phone instead.
AFAIK it uses an old virus technique, a persistent mount. You can see it if you execute "df" from the command line, but I can't recall how I got rid of it in the end. I think I did an fgrep through the entire file system to find where it was mounted from, and only after that mount was gone was it possible to nuke the damn thing permanently.
Oh, I wish I could be 100% chrome free.
It has turned into the IE6 of today. Many websites I need to use are coded only so they work in Chrome. :-(
Thankfully that is a very small percentage, but its enough that I need to run Chrome for some of those damn work SaaS offerings they insist on using.
If it's a developer machine ... well, that's always a risk if you test software.
But video/audio work? Why would you even hook this up to the web if it's your livelihood depending on this machine running? Now, maybe you need a web connection to get source material in. Fair enough. But even so, the software on there should be secure and not auto-update. Never change a running system. It may be better to do the web thing on another machine, and use physical means to carry over the video and audio files with checks. In the lab I was working the PC running our main science machine was islanded, and we (I as the de-facto lab manager) vetted the USB sticks used to get the data out. The students weren't allowed to use their own...
I inherited this machine from my very techie daughter who might have disabled SIP if it got in her way. How do I tell if it is active? I can't see anything that looks like it on Activity Monitor. Any quick and easy Terminal ways to find out?
Belay that, the SIP link in the article tells you how. Enabled. Ta very much El Reg!
By the way week ago i had similar issue with freebsd, serving as router. Reboot , can't boot due unable to mount missing folders . Single user log on and I discovered the /var is empty . Workarounded it creating manually the folders. There was nothing critical. Still investigate it but its suspiciosly close to this macos issue.
I do a fair chunk of AV work (on PC, luckily, so I don't run into this problem). Audio and video processing are both notoriously power-hungry - video more than audio, but try running lots of effects on lots of audio channels and you'll eat a lot of cycles very easily. So essentially all the pro-level audio and video suites use GPU acceleration, and the higher-end ones can use multiple GPUs. Take a look at BlackMagic's Da Vinci Resolve (https://www.blackmagicdesign.com/uk/products/davinciresolve) for one such video suite.
The GPUs built into most Macs aren't great. Luckily, there's long been good external connectivity on Macs to add an external GPU (eGPU) or two. Apple even support this and sell their own eGPUs. See https://support.apple.com/en-gb/HT208544 for the currently supported list... I'll wait...
... it's a bit crap, isn't it? ATI/AMD cards only, for example. Nothing nVidia is even supported. So you end up having to add custom device drivers into your OS kernel to support any sane eGPU at any sane price. Which means modifying the kernel. Which means disabling SIP.
So that's why the AV community are some of the most likely to disable SIP.
"But surely you temp disable SIP to add drivers, then put it back on to keep yourself safe?"
Yes - that's exactly what you'd normally do - disable SIP, install your strange kexts then re-enable SIP.
I'm not sure why anyone would want/need to leave it permanetly disabled?
I've never use such specialised hard- or software... but I can imagine crappily written software to run some special hardware that trigger SIP every time it is run. Mostly because there's lazy developers who cannot adjust to a stricter security regimen. There's quite a bit of such software for Macs.
Yes, its really sounds stupid for someone outside video processing field .
Working professional in apple's environment is perfect description of PITA. Just simple example - Sonet 10gbe NIC, placed in Sonet TB expansion box dissconects/connects randomly until I disabled the ....postfix daemon . I can think of plenty of cases where SiP needs to be neglected.
GoogleSoftwareUpdate used to interfere with MacOS power management so its daemon stalled. When the daemon finally aborted talking to GoogleSoftwareUpdate, it would become confused by the time jump and instantly put the system to sleep.
I'm sure it's not talking to the power management for data slurping. Google would never do that.
Biting the hand that feeds IT © 1998–2022