[OS X TeX] OT: authorizations in Leopard
Jean-Claude DE SOZA
jeanclaudedesoza at wanadoo.fr
Sun Nov 11 10:04:56 EST 2007
Le 11 nov. 07 à 15:17, Bruno Voisin a écrit :
> Le 11 nov. 07 à 13:31, Jean-Claude DE SOZA a écrit :
>
>> Le 9 nov. 07 à 18:53, Bruno Voisin a écrit :
>>
>>> Hence I tried:
>>>
>>> sudo chmod -a# 0 /Applications
>>> sudo chmod -a# 0 /Library
>>>
>>> It suppresses indeed the warning in Disk Utility, but it does not
>>> seem to affect the authorizations problems I'm experiencing.
>>
>> It is not a good idea to change any permission in Mac OS X by his
>> own.
>> Don't try to remove the ACL as some persons did in the first days
>> of Leopard; it resulted a mess in the system.
>>
>> You only have to do two things. First apply the update for Remote
>> Desktop and Keychain applications
>
> I guess these are two separate updates, one for Remote Desktop and
> the other for Keychain, right? If that it indeed the case, both had
> been applied already. From Software Update.log:
>
> 2007-10-26 23:42:19 +0200: Installed "Remote Desktop Client" (3.2.1)
> 2007-10-26 23:42:29 +0200: Installed "Backup" (3.1.2)
> 2007-10-28 02:33:03 +0200: Installed "Mise à jour du trousseau et de
> l’ouverture de session" (1.0)
> 2007-11-06 09:09:04 +0100: Installed "QuickTime" (7.3)
> 2007-11-06 09:09:58 +0100: Installed "iTunes" (7.5)
>
>> and then start with the Leopard Install Disk as if you want to
>> reinitialize your password. But in the window where you are allowed
>> to, don't change anything except at the bottom: click on the reset
>> button to restaure the ACL to default.
>
> Just did that. If I understood correctly, there is a pull-down menu
> allowing to select a user account, and then the button you mention
> to reset all ACLs for this user.
>
> In my case there were three users in the menu (me and my GF -- the
> two account owners on my MacBook -- and System Administrator aka
> root -- though I did not activate the root account in NetInfo
> Manager in Tiger at any stage). I rebuilt the ACLs for all 3 in
> sequence.
>
>> To finish your job, restart and run Disk Utility and the Repair
>> Permissions and if you see a statement about the SUID of /System/
>> Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/
>> ARDAgent which is changed and will not be repaired, you are done.
>
> When I do that now, not only I do get the message you mention (it
> was there already before), but also I do get messages about found
> and unexpected ACLS in /private/var/root/Library/Preferences and /
> private/var/root/Library. Sounds scary! I hope I did not mess
> anything up by asking to restore default ACLs for root.
>
> From DiskUtility.log:
>
> 2007-11-11 14:55:33 +0100: Verify permissions for “Macintosh HD”
> 2007-11-11 15:01:18 +0100: ACL found but not expected on "private/
> var/root/Library/Preferences".
> 2007-11-11 15:01:18 +0100: ACL found but not expected on "private/
> var/root/Library".
> 2007-11-11 15:01:18 +0100: Warning: SUID file "System/Library/
> CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent"
> has been modified and will not be repaired.
> 2007-11-11 15:02:24 +0100:
> 2007-11-11 15:02:24 +0100: Permissions verification complete
>
> Thanks for your help,
The most important thing is the warning:
SUID file "System/Library/CoreServices/RemoteManagement/ARDAgent.app/
Contents/MacOS/ARDAgent" has been modified and will not be repaired.
The ACL were yet in Tiger but are deactivated by default. They had a
vulnerability used in some exploits during the Month of Apple Bugs.
Jean-Claude DE SOZA
More information about the MacOSX-TeX
mailing list