随着Mac OS X 10.7.4版本的发布,苹果在这个升级版中更正了前文中所述的安全隐患。这是一个好消息,也是苹果比较快地修正bugs的一个好的开端。而且也是它正式承认该隐患的存在,详见:OS X Lion v10.7.3: User account passwords appear in log files for Legacy FileVault, and/or network home directories。
其实,至于该隐患是不是如Apple自己所说的,只有在处理老版本FileVault和网络用户时才出现,或者是其它时候也会,业界的技术员们还在进行深入探讨,而且也在讨论自己的解决方案,比如在不安装升级版本的情况下如何解决这个隐患,特别是10.7.4系统在没有声明或者指示的情况下,变更了一些系统的设置,比如登录界面的背景,目前就无法使用10.7.3以前的方法变更,这个给好多企业用户带来了麻烦,因为他们很多,使用自己定制的背景图,无论是显示系统信息,还是企业信息等,至少这是一个很好企业用户展示的手段,这也是好多管理员抱怨的,Apple不理会/忽略企业用户的一个原因。
至少,目前为止,已经有人发现了一点该隐患的端倪,使用下面的方法之一,可能会避免系统记录用户密码:
Per Olofsson的方法:
xport TARGET="/System/Library/CoreServices/SecurityAgentPlugins/HomeDirMechanism.bundle/Contents/MacOS/HomeDirMechanism"
sudo cp "$TARGET" "$TARGET.bak"
sudo perl -p -i -e 's/passwordAsUTF8String = %s/passwordAsUTF8String = %p/g' "$TARGET"
sudo perl -p -i -e 's/password = %s/password = %p/g' "$TARGET"Brian Warsing 的方法:
#!/usr/bin/ruby
# This code comes with no guarantees and it is not a "fix", just a workaround.
# It would be trivial to replace the patched file and restore these debugging messages.
# Also, this script modifies a Mac OS X System file, so...
require 'etc'
require 'fileutils'
require 'syslog'
@log = Syslog.open('patchhomedirmech')
@target = '/System/Library/CoreServices/SecurityAgentPlugins/HomeDirMechanism.bundle/Contents/MacOS/HomeDirMechanism'
@backup_file = '/private/var/root/HomeDirMechanism.backup'
@newfile_path = '/private/var/root/HomeDirMechanism.new'
def our_rescue(msg)
@log.notice(msg)
@log.close
exit 1
end
#####################################################################
# => MAIN
#####################################################################
# Check UID (must be root)
unless Process.euid == 0
raise "You must be root to execute this script."
end
begin
@log.notice("Backing up file: #{@target}")
FileUtils.cp(@target, @backup_file)
rescue => e
our_rescue("Error backing up file: #{e.message}")
end
@debug_strings = `/usr/bin/strings #{@target} | /usr/bin/grep "password.* = %s" 2> /dev/null`
if @debug_strings
@debug_strings = @debug_strings.split("\n")
else
our_rescue("Nothing to patch: target does not contain any relevant debugging strings")
end
begin
@file = File.read(@target)
@newfile = File.new(@newfile_path, 'w')
rescue => e
our_rescue("Error loading file: #{e.message}")
end
begin
@log.notice("Patching file: #{@newfile_path}")
@debug_strings.each do |string|
len = string.length
replacement = ''
len.times { replacement << "\000" }
@file.gsub!(string, replacement)
end
@newfile << @file
@newfile.flush
@newfile.close
rescue => e
our_rescue("Error patching file: #{e.message}")
end
begin
@log.notice("Replacing file: #{@target}")
FileUtils.rm_rf(@target)
FileUtils.move(@newfile_path, @target)
rescue => e
our_rescue("Error replacing file: #{e.message}")
end
begin
@log.notice("Nullfying security logs...")
raise unless system("cat /dev/null > /var/log/secure.log")
@log.notice("Removing archived security logs...")
logs = Dir.glob("/private/var/log/secure*.bz2")
logs.each { |log| FileUtils.rm(log) }
rescue => e
our_rescue("Error deleting log(s): #{e.message}")
end
@log.notice("Done.")
@log.close
exit 0
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
