續:Mac獅子系統又暴安全隱患

來源:互聯網
上載者:User

隨著Mac OS X 10.7.4版本的發布,蘋果在這個升級版中更正了前文中所述的安全隱患。這是一個好訊息,也是蘋果比較快地修正bugs的一個好的開端。而且也是它正式承認該隱患的存在,詳見:OS
X Lion v10.7.3: User account passwords appear in log files for Legacy FileVault, and/or network home directories。

其實,至於該隱患是不是如Apple自己所說的,只有在處理老版本FileVault和網路使用者時才出現,或者是其它時候也會,業界的技術員們還在進行深入探討,而且也在討論自己的解決方案,比如在不安裝升級版本的情況下如何解決這個隱患,特別是10.7.4系統在沒有聲明或者指示的情況下,變更了一些系統的設定,比如登入介面的背景,目前就無法使用10.7.3以前的方法變更,這個給好多企業使用者帶來了麻煩,因為他們很多,使用自己定製的背景圖,無論是顯示系統資訊,還是公司資訊等,至少這是一個很好企業使用者展示的手段,這也是好多管理員抱怨的,Apple不理會/忽略企業使用者的一個原因。


至少,目前為止,已經有人發現了一點該隱患的端倪,使用下面的方法之一,可能會避免系統記錄使用者密碼:

Per Olofsson的方法:

xport TARGET="/System/Library/CoreServices/SecurityAgentPlugins/HomeDirMechanism.bundle/Contents/MacOS/HomeDirMechanism"   sudo cp "$TARGET" "$TARGET.bak"   sudo perl -p -i -e 's/passwordAsUTF8String = %s/passwordAsUTF8String = %p/g' "$TARGET"   sudo perl -p -i -e 's/password = %s/password = %p/g' "$TARGET"

Brian Warsing 的方法:

#!/usr/bin/ruby# This code comes with no guarantees and it is not a "fix", just a workaround.# It would be trivial to replace the patched file and restore these debugging messages.# Also, this script modifies a Mac OS X System file, so...require 'etc'require 'fileutils'require 'syslog'@log          = Syslog.open('patchhomedirmech')@target       = '/System/Library/CoreServices/SecurityAgentPlugins/HomeDirMechanism.bundle/Contents/MacOS/HomeDirMechanism'@backup_file  = '/private/var/root/HomeDirMechanism.backup'@newfile_path = '/private/var/root/HomeDirMechanism.new'def our_rescue(msg)  @log.notice(msg)  @log.close  exit 1end###################################################################### => MAIN###################################################################### Check UID (must be root)unless Process.euid == 0  raise "You must be root to execute this script."endbegin  @log.notice("Backing up file: #{@target}")  FileUtils.cp(@target, @backup_file)rescue => e  our_rescue("Error backing up file: #{e.message}")end @debug_strings = `/usr/bin/strings #{@target} | /usr/bin/grep "password.* = %s" 2> /dev/null`if @debug_strings  @debug_strings = @debug_strings.split("\n")else  our_rescue("Nothing to patch: target does not contain any relevant debugging strings")endbegin  @file    = File.read(@target)  @newfile = File.new(@newfile_path, 'w')rescue => e  our_rescue("Error loading file: #{e.message}")end    begin  @log.notice("Patching file: #{@newfile_path}")  @debug_strings.each do |string|    len = string.length    replacement = ''    len.times { replacement << "\000" }    @file.gsub!(string, replacement)  end  @newfile << @file  @newfile.flush  @newfile.closerescue => e  our_rescue("Error patching file: #{e.message}")endbegin  @log.notice("Replacing file: #{@target}")  FileUtils.rm_rf(@target)  FileUtils.move(@newfile_path, @target)rescue => e  our_rescue("Error replacing file: #{e.message}")endbegin  @log.notice("Nullfying security logs...")  raise unless system("cat /dev/null > /var/log/secure.log")  @log.notice("Removing archived security logs...")  logs = Dir.glob("/private/var/log/secure*.bz2")  logs.each { |log| FileUtils.rm(log) }rescue => e  our_rescue("Error deleting log(s): #{e.message}")end@log.notice("Done.")@log.closeexit 0

聯繫我們

該頁面正文內容均來源於網絡整理,並不代表阿里雲官方的觀點,該頁面所提到的產品和服務也與阿里云無關,如果該頁面內容對您造成了困擾,歡迎寫郵件給我們,收到郵件我們將在5個工作日內處理。

如果您發現本社區中有涉嫌抄襲的內容,歡迎發送郵件至: info-contact@alibabacloud.com 進行舉報並提供相關證據,工作人員會在 5 個工作天內聯絡您,一經查實,本站將立刻刪除涉嫌侵權內容。

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.