Repair file sharing after Security Update 2017-001 for macOS High Sierra 10.13.1
support.apple.comI seriously can't imagine how much pressure engineers at Apple were to ship this patch. Considering they tend to ship infrequently, I doubt they have the sort of QA turn-around that'd support emergency releases.
Remember that:
- They learned about this yesterday
- They had as much heads up as the general public did
- They are a large company.
I feel bad for the engineers, but seriously screw Apple on this. They have an overcomplicated setup with little internal Kerberos implementations on every Mac to make peer to peer networking easier.
If it’s like everything else, it’s probably ancient and crufty. The dude who wrote it probably cashed out years ago. Some engineer rushed through and made the original worst-case-scenario error, and the guys cleaning up the mess made this error, which is understandable given the severity of the problem.
For a company like Apple that prints money, it’s irresponsible and reflective of a broken engineering process. Personally I’m angry about this because on iOS, we’re 100% dependent on their engineering process to protect my customer’s data. Hopefully that trust is well placed.
If they don’t want to maintain Macs, don’t make them.
I designed and implemented quite lot of the LocalKDC mechanism - um, roughly about 11-12 years ago now I think. At the time it was based on the MIT version of Kerberos. When Apple switched to using Heimdal, the LocalKDC implementation was updated and it has been maintained since then - I am no longer the maintainer of this software. I haven't cashed out.
As to why the LocalKDC exists? How can you do secure peer-to-peer authentication without relying on some sort of global (and broken) or private PKI infrastructure? SRP wasn't an option at the time.
I am sorry you are upset. Apple is really, really serious about protecting customer data. I encourage the reading of the Apple iOS Security Guide - it describes hardware and software techniques used to protect your data. There is also the 2016 Blackhat presentation by Ivan Krstic that gives more insight into the Secure Enclave.
Thanks for replying. Sorry if I was throwing too much vitriol and no personal affront was intended.
I had a real bad day yesterday... my customers were freaking out about this particular issue. I recall doing some enterprise Mac rollouts back in the Tiger days and you'd see alot of changes as support for things like AD evolved.
Apple has really good communications and documentation around iOS, which comes through in the iOS Security Guide, which is probably one of the best examples of that type of documentation. That hasn't been the case with MacOS, and its mysterious evolution, which feels pretty capricious from a customer POV at times. End of the day, I get paid to turn money + labor into answers to business problems -- Mac has turned into a wildcard for me, which saddens me as I love the platform.
> Apple iOS Security Guide
that goes perfectly with the trending feeling that iOS gets all the love while OSX sits on the back burner.
I personally see that the mac is getting lots and lots of love! Not my place to say more than that.
I pointed to this resource due to the concern expressed about iOS.
It seems that whenever one attempts to make something easier on the surface, the complexities underneath expand cubically.
The thing that really shocks me about this incident is that, basically checking that "root cannot be logged in under any unusual circumstances" is a fundamental, basic test of any OS development group, and there must have been at least 2 decades of this test running somewhere internally at Apple, and .. somehow .. thats not happening.
Like, I seriously hope this was just an oversight in the testing system somehow - but I'm really rather concerned that Apple is not testing these things as rigorously as it should be/used to be.
This is such a fundamentally corrupt security issue that we all have to increase our levels of suspicion over the QA team at Apple. Truly a shocking hole.
The fact they learned this only yesterday is amazingly stupid to start with. People were talking about this weeks ago on the Apple Forums, as a "neat trick" : https://twitter.com/fristle/status/935670476214378496. Surely a moderator should have noticed something was wrong at that point.
This is a major fuckup the kind of which should be illegal.
> People were talking about this weeks ago on the Apple Forums, as a "neat trick"
Aren't Apple forums mostly meant as self-help forums, with minimal monitoring by Apple?
It looks like one person posted it two weeks ago, not as a bug or security problem but as a solution to the problem that the original poster had, not realizing it was a bug. People didn't seem to notice it and start talking about it there until yesterday.
I would guess that any developers at Apple that check the developer forums just look at the first post to see what problems people are reporting, and a few of the replies to see if others are seeing the problem and see what workarounds people have found.
In this particular thread that first post was in June, and by early July someone had posted a fix. Some people had trouble with that and someone posted a more detailed fix in the middle of October.
I doubt any developers would be still following that thread on November 13th, when the root bug was posted.
As far as moderators go, I'd expect that they just skim the posts to make sure they don't violate any major rules.
On one part, I agree. On another, Average DevJoe on the Apple dev forums knew about it two weeks ago. It's scary to think about how many bad actors have known about it, and might have weaponized it given it is wormable, during that timeframe.
I agree with you, but I'm also curious if the techniques that are making progress in other areas (e.g. machine learning) could be used to extract meaningful data from these forums. Most bugs won't be as obvious as "login as root without password" but I imagine there is substantial signal within the noise.
One person mentioned it in a forum thread. Apparently nobody involved in the conversation realized the implications of it, and I don’t think anybody in the thread works for Apple.
If you ship an OS that runs your premium+ pricey hardware one of the onuses on you is to be able to quickly respond to catastrophic bugs and security issues without introducing new ones.
That's why you hire best engineers, product managers and QA people and establish processes that let you do exactly that. Trouble is Apple's treating everything like toys nowadays.
Surprising though how many people are willing to give a free pass to an almost trillion dollar company.
Also you realise Apple's asking their customers to run terminal commands - even MS has fixits that just do it :)
What do you mean a "free pass"? Apple has been (rightly) grilled over this.
Also, though the patch does introduce this new bug, it's hardly a show-stopper, it has a simple fix, it will likely affect a tiny percentage of users, and I'm sure be resolved in a future release.
OP did give them a pass pretty much. Also saw Jean Louise Gassee trivialize it by claiming it only affects techies looking deeper!
But ok, fair enough - I think mostly they did get grilled - just bugged me that few people found ways to justify it! :)
This is why I am so glad I did not update to High Sierra. It obviously is not ready.
It's like they are the old Microsoft: never take a new version until after the first service pack.
It's been that way for macOS since Leopard. They'd introduce regressions all the time --and their SMB client is awful. Never trusted it till like a .3 version.
I tried on our Mac mini servers but High Sierra won’t upgrade on a system running RAID 1. Saved some trouble today but it will be a pain if they don’t fix that bug too.
- They learned about this yesterday
Nope.
- They had as much heads up as the general public did
I.e. two weeks.
- They are a large company.
That's a point to their discredit. For a garage op, this would be acceptable.
Except for one random guy on an old forum thread, everybody found out about the bug two days ago.
Well then. yakketysax.mid
https://www.wired.com/story/macos-update-undoes-apple-root-b...
How much more is needed to pop the Apple Reality Distortion Field?
High Sierra bricked my 2010 iMac.
Haven’t even bothered to try and repair it. It shipped with one of those crappy slow HD’s Apple used to save money.
> Haven’t even bothered to try and repair it.
Then what are you complaining about? It isn’t magic, things do break sometimes.
Expecting a 2010 Mac to work with 2017 software (which I infer from your bothering to post here) seems a bit of a stretch. And all hard drives were slow back then. Any variance between models then is lost in the noise when comparing against SSDs, which were not generally available in 2010.
But it should definitely refrain from bricking the machine... that’s a bummer.
Apple list 2009 iMacs as compatible with High Sierra so I don’t think it’s a stretch to expect it to work, no.
https://www.apple.com/macos/how-to-upgrade/#hardware-require...
I've got Windows 10 installed and working on a 2006 MacBook 1,1. It just got an update to 1709 Fall Creators Update, and still gets the usual weekly security patches. Something is awry when Microsoft is able to provide support & security patches for Apple devices longer than Apple itself.
It’s supported so it’s not a bit of a stretch.
SSD’s were generally available but extremely expensive from Apple so I went for the extra space on the desktop. For some reason Apple makes it difficult to upgrade their hard drives. I bought an SSD MacBook Pro at the same time. It was much faster with only a Core i5 vs the iMac’s i7. Barely used now because I bought another laptop in 2013.
Now, I wanted to wait for the next Intel refresh. No point in getting less than 32GB in a laptop in 2018 when I got 16gb in 2013. Because of the slow change in Intel revs, I’m probably better off cracking open my 2010 iMac and putting in an SSD.
Hey, thanks for taking me back and explaining how it was “back then”. I miss the late 90’s back then when I spent $800 on several hundred megabytes of 10,000 rpm Cheetah SCSI drive, and had that thing screwed in within 5 minutes.
The bottom line is you will basically live with your Apple hardware as you bought it for 5-10 years. Better buy at the proper Intel revision and get the upgrades at purchase. That 1 port on your new MacBook Pro won’t go far
From a quality standpoint Apple is a shadow of its former self. For me a large number of the more recent features in macOS and iOS don’t work reliably. Things like handoff, text message forwarding, enabling tethering from the Mac, etc. are 50/50. These kind of things used to be Apples bread and butter. Taking ideas like these and making them “just work”. And now the security regression are creeping in. I would love to see them get back to very simple product lines and a more minimalist approach to software features.
Handoff is definitely a weird one. I don't think I've ever gotten it to do anything useful. Its functionality is seemingly limited to popping up a random icon to the left of the dock from time to time to distract me.
Quick show of hands, who here is surprised that this patch broke something?
I am not, Yet given the public disclosure and the criticality of the issue, they took the most pragmatic approach.
I’m a bit surprised that this is all it broke, given how quickly the patch was released.
The article says “if file sharing doesn’t work”, but is it ok to just run this command line fix anyway?
I’m not sure if file sharing is broken for me. I don’t use it right now. But I’m afraid I might run into this bug in the future when I eventually use file sharing, and then I will have forgotten about this fix, and end up spending hours scratching my head and head-desking.
According to configureLocalKDC(1):
"The script is non-destructive and can be run multiple times."
My thoughts exactly. I executed it just in case.
I think this shows the poor state of Apple’s QA. Theorically there should be a list of predefined tests with a binary output, to pass the test or not. Before deploying anything, tests must be run and passed. It seems the procedure is very human-dependant.
Seriously!
I can’t even install 10.13.1 on my Mac Pro 2013 - computer acts like its bricked until rebooted a number of times (and when it finally boots we’re back at 10.13).
This also means I can’t install the latest security update that fixes the root problem (and yes, i’ve changed the root password to mitigate).
OSX is becoming more like Windows every day.
Me too!!. I was almost ready to wipe and reload.
This is why it should take more than 24 hours to put out a patch for an operating system.
When the choice is between "allow public, easy, possibly remote, root access" or "maybe deal with a bit of inconvenience fixing the fix" I'll take the second one.
I remember the emergency Java patch after Flashback. I think it also had an issue.
What a mess.
I guess now we get to see where all the holes in apples fucking automated tests are... meanwhile I'm happily running Arch ;)