隨著Mac OS X 10.7.4版本的發布,蘋果在這個升級版中更正了前文中所述的安全隱患。這是一個好訊息,也是蘋果比較快地修正bugs的一個好的開端。而且也是它正式承認該隱患的存在,詳見:OS
X Lion v10.7.3: User account passwords appear in log files for Legacy FileVault, and/or network home directories。
其實,至於該隱患是不是如Apple自己所說的,只有在處理老版本FileVault和網路使用者時才出現,或者是其它時候也會,業界的技術員們還在進行深入探討,而且也在討論自己的解決方案,比如在不安裝升級版本的情況下如何解決這個隱患,特別是10.7.4系統在沒有聲明或者指示的情況下,變更了一些系統的設定,比如登入介面的背景,目前就無法使用10.7.3以前的方法變更,這個給好多企業使用者帶來了麻煩,因為他們很多,使用自己定製的背景圖,無論是顯示系統資訊,還是公司資訊等,至少這是一個很好企業使用者展示的手段,這也是好多管理員抱怨的,Apple不理會/忽略企業使用者的一個原因。
至少,目前為止,已經有人發現了一點該隱患的端倪,使用下面的方法之一,可能會避免系統記錄使用者密碼:
Per Olofsson的方法:
xport TARGET="/System/Library/CoreServices/SecurityAgentPlugins/HomeDirMechanism.bundle/Contents/MacOS/HomeDirMechanism" sudo cp "$TARGET" "$TARGET.bak" sudo perl -p -i -e 's/passwordAsUTF8String = %s/passwordAsUTF8String = %p/g' "$TARGET" sudo perl -p -i -e 's/password = %s/password = %p/g' "$TARGET"
Brian Warsing 的方法:
#!/usr/bin/ruby# This code comes with no guarantees and it is not a "fix", just a workaround.# It would be trivial to replace the patched file and restore these debugging messages.# Also, this script modifies a Mac OS X System file, so...require 'etc'require 'fileutils'require 'syslog'@log = Syslog.open('patchhomedirmech')@target = '/System/Library/CoreServices/SecurityAgentPlugins/HomeDirMechanism.bundle/Contents/MacOS/HomeDirMechanism'@backup_file = '/private/var/root/HomeDirMechanism.backup'@newfile_path = '/private/var/root/HomeDirMechanism.new'def our_rescue(msg) @log.notice(msg) @log.close exit 1end###################################################################### => MAIN###################################################################### Check UID (must be root)unless Process.euid == 0 raise "You must be root to execute this script."endbegin @log.notice("Backing up file: #{@target}") FileUtils.cp(@target, @backup_file)rescue => e our_rescue("Error backing up file: #{e.message}")end @debug_strings = `/usr/bin/strings #{@target} | /usr/bin/grep "password.* = %s" 2> /dev/null`if @debug_strings @debug_strings = @debug_strings.split("\n")else our_rescue("Nothing to patch: target does not contain any relevant debugging strings")endbegin @file = File.read(@target) @newfile = File.new(@newfile_path, 'w')rescue => e our_rescue("Error loading file: #{e.message}")end begin @log.notice("Patching file: #{@newfile_path}") @debug_strings.each do |string| len = string.length replacement = '' len.times { replacement << "\000" } @file.gsub!(string, replacement) end @newfile << @file @newfile.flush @newfile.closerescue => e our_rescue("Error patching file: #{e.message}")endbegin @log.notice("Replacing file: #{@target}") FileUtils.rm_rf(@target) FileUtils.move(@newfile_path, @target)rescue => e our_rescue("Error replacing file: #{e.message}")endbegin @log.notice("Nullfying security logs...") raise unless system("cat /dev/null > /var/log/secure.log") @log.notice("Removing archived security logs...") logs = Dir.glob("/private/var/log/secure*.bz2") logs.each { |log| FileUtils.rm(log) }rescue => e our_rescue("Error deleting log(s): #{e.message}")end@log.notice("Done.")@log.closeexit 0