Category Archives: Apple

MyBook World Edition – Time Machine – OSStatus Error 2

If Time Machine is unable to connect to your backup disk with an error message containing “OSStatus Error 2″, then check the permissions on your NAS.

SSH as root into your MBWE and check the permissions for /var and /var/lib.

Use chmod 755 on /var and /var/lib to apply the correct permissions.

Use the Time Machine System Preferences to set your backup disk to your MBWE.

Disabling Ethernet Prevents Mac OS X From Waking

Problem: When MacBook lid is closed, fan continues to spin and MacBook becomes very hot.

Description: When in use the MacBook fan behaves as expected. On closing the lid to put the MacBook sleep, the fan continues to spin and the base of the machine becomes very hot.

Opening the lid displays a black screen. No mouse or login screen displayed. Fan continues to spin at what seems to be maximum RPM. Closing the lid again does not stop the fan from spinning.

Only available option is to hold the power button to shut down the system.

On pressing the power button to restart the system, the MacBook starts, displays grey start up screen for a second or two and then restarts automatically. MacBook then starts normally.

Once the user logins, the system works as normal again. Putting the system to sleep, causes the problem to reoccur.

Solution: The user deactivated the Ethernet interface within System Preferences -> Network. Reactivating the Ethernet interface and restarting the machine resolved the problem.

(Who’d have thought that disabling the Ethernet interface would prevent the system from sleeping? Certainly not me when I decided to do so.)

Cool iTunes Grid View Tip

I’ve spent the last couple of days updating my iTunes library. Updating track and album info, finding album art, that kind of thing. Took me quite a few hours to get everything organised the way I wanted it, but it’s finally done.

One thing I did notice is that if you use the Grid View and go to Genres, you’ll see the iTunes default logos for each genre of music that you have in your library.

iTunes Genres Default Logos

iTunes Genres Default Logos

That’s not the cool thing though. Move your mouse left and right over the logo, and iTunes will display the album art for each album in that genre.

iTunes Showing Album Covers

iTunes Showing Album Covers

See? Cool!

First Trojan Based on ARDAgent Root Exploit

Secure Mac are reporting that they have found a trojan designed to take advantage of the ARDAgent root exploit that I posted about previously.

The Trojan dubbed “AppleScript.THT” allows the remote attacker full access to the system, steals usernames and passwords, hides by turning off system logging, opening firewall ports and can also be used to install key logging software, take pictures using the inbuilt iSight and to enable file sharing.

The Trojan come as either a compiled AppleScript titled ASthtv05 or as a disc image called ASthtv_06. In both cases, the files have to be downloaded and executed by the user. At the moment, the Trojan does not take advantage of any other Mac vulnerabilities to automatically infect new machines – but that’s probably only a matter of time.

Secure Mac are advising Mac users to use MacScan to protect themselves against the threat. Or you could just stop the ARDAgent service from running scripts as root.

Temporary Fix for ARDAgent Root Privilege Escalation

If you’re worried about the security problem with Apples Remote Desktop Sharing that I posted about yesterday, but still want to use the service, then here’s a quick solution:

Open Terminal and type, all on one line, the following command:

sudo chmod u-s /System/Library/CoreServices/RemoteManagement/
ArdAgent.app/Contents/MacOS/ARDAgent

Now if you use,
osascript -e 'tell app "ARDAgent" to do shell script "whoami"'you should get your own username back.

Mac OS X – Gain Root Privileges Through AppleScript

A serious security hole has been found in Mac OS X – both Leopard and Tiger are affected. The exploit allows someone with physical access to a Mac to run programs as the Root user.

The exploit uses the Apple Remote Desktop, (ARDAgent), application to execute a shell script. When the shell script is executed it is done so as Root. To test this, type the following command in Terminal:

osascript -e 'tell app "ARDAgent" to do shell script "whoami"'

This command works even if Remote Desktop Sharing is disabled and the Root user is disabled in the Directory Utility. However, it will only work if the user is logged into the computer. It will not work if Fast User Switching has been used.

As this is a brand new exploit there is no fix as of yet.

Finally – Mac OS Update 10.5.2 is here

It’s been a long wait for Leopard users, but 10.5.2 is now available from software update or from the Downloads section of the Apple website.

The full list of fixes contained within the update is available here.

At 180MB the update isn’t as large as originally predicted.

Update: After downloading the 10.5.2 update, there’s another update available via Software Update – Leopard Graphics Update. The update is also available from Apple Downloads here.

The Quick Way to Connect to a Network Drive using Mac OS 10.5 Leopard

I’ve posted a few times about the problems I’ve had connecting to a network drive using Leopard. Previously I posted about how Leopard was able to connect to a network drive, but wouldn’t show the contents of the shared folder. After a lot of testing, and a bit of luck, I followed that up with a post on how I was able to browse the folders on my network drive. Now, I’ve found a way to connect to my network drive and browse the folders almost immediately. Although this method may sound a bit convoluted, there are just four steps. As I only have my MacBook to test with, I can’t guarantee that this will work for you, but I don’t see any reason why it shouldn’t.

Step One

Connect to your network drive in the usual manner. Either use the Command-K shortcut, or from the Menu Bar use Go -> Connect to Server. In either case, you’ll be presented with a Connect to Server dialog box. The server address should be specified as:

smb://network.drive.ip.address

Click the Connect button and wait for Finder to connect to your network drive. If you have more than one shared folder set up on the drive you’ll be prompted for the folder that you want to connect to. Once Leopard has connected to the shared folder a new Finder window should open.

Step Two

Open Terminal from Applications -> Utilities -> Terminal. At the prompt, type the following command:

sudo smbclient -L NETWORK_DRIVE_NAME

The NETWORK_DRIVE_NAME refers to the the Windows name for your drive and is usually set using the configuration interface for the drive – this may be a web interface or an application, the exact details will depend on your specific drive. When you press Return, you’ll be prompted for your password. Type your password and press Return again. When you run this command, you should get a response like this:

Receiving SMB: Server stopped respondingsession request to NETWORK_DRIVE_NAME failed (Call returned zero bytes (EOF))Receiving SMB: Server stopped respondingsession request to *SMBSERVER failed (Call returned zero bytes (EOF))

Although the Samba Client returns with an error message, don’t worry, you’re still on track to be able to browse the drive contents.

Step Three

Restart the Finder. This is achieved by typing the following command in Terminal:

sudo killall Finder

Once this command has been entered, the Leopard Finder will restart. You’ll notice that your Desktop icons disappear, as will any open Finder Windows. Your Desktop icons should reappear almost immediately.

Step Four

Repeat Step Three:

sudo killall Finder

Open a Finder Window, and under the Shared section your network drive should be listed. Click the drive name, and then double-click the shared folder name. You should now be able to browse the contents of the drive.

Important Notes

  • I don’t know why, but the Finder has to be restarted twice for this work.
  • The Terminal commands must be run using sudo or as root (using su), even if you are logged in as an adminsitrator. If you are an administrator, you’ll be able to run the smbclient command and the killall command, but the process just won’t work.
  • I have no idea why this works, or how, I just know that it does work for me.
  • I’d recommend that you close all open programs while doing this, just in case. Using the killall command may have some strange effects on open programs, or lead to system instability.
  • Once again, I haven’t been able to test this on any other system other than my own, so your milage may vary.