{"id":26677,"date":"2019-09-25T16:37:55","date_gmt":"2019-09-25T20:37:55","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=26677"},"modified":"2021-06-30T16:36:30","modified_gmt":"2021-06-30T20:36:30","slug":"chrome-updater-bug-prevents-macs-from-booting","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2019\/09\/25\/chrome-updater-bug-prevents-macs-from-booting\/","title":{"rendered":"Chrome Updater Bug Prevents Macs From Booting"},"content":{"rendered":"

Tim Hardwick<\/a> (Avid<\/a>, Hacker News<\/a>):<\/p>\n

Variety<\/a><\/em> reports this morning of a possible computer virus attack or critical software failure affecting Mac Pro workstations across Los Angeles.<\/p>

According to social media chatter, Hollywood Film and TV editors discovered late on Monday that “trashcan” Mac Pros running older versions of macOS and AVID’s Media Composer software were refusing to reboot after shutting down.<\/p><\/blockquote>\n\n

Mr. Macintosh<\/a> (Hacker News<\/a>):<\/p>\n

\n

After further investigation it was found that AVID was not the problem!<\/p>\n

[…]<\/p>\n

After investigation from some of the top minds in the MacAmins Slack Chat #varsectomy channel it was found that the Google Keystone Updater was at the heart of the issue.<\/p>\n<\/blockquote>\n\n

Google<\/a>:<\/p>\n

We recently discovered that a Chrome update may have shipped with a bug that damages the file system on macOS machines with System Integrity Protection (SIP) disabled, including machines that do not support SIP. We’ve paused the release while we finalize a new update that addresses the problem.<\/p>

[…]<\/p>

To recover a machine that has been affected by this bug, please boot into recovery mode<\/a><\/u>, and then from the Utilities menu open the Terminal application.<\/p>

In the Terminal application, you can run the following commands[…]<\/p><\/blockquote>\n\n

Rich Trouton<\/a>:<\/p>\n

\n

The now-pulled Keystone update attempts to remove the \/var<\/tt> symlink, which is usually protected by Apple’s System Integrity Protection (SIP) security feature.<\/p>\n

On Macs where SIP was disabled, this protection did not apply and the Keystone update was able to remove the \/var<\/tt> symlink. This symlink is not a directory itself, but points to another directory (\/private\/var<\/tt>) which contains software necessary for the operating system to boot and function correctly, so removing the \/var<\/tt> symlink rendered the affected Macs unbootable.<\/p>\n<\/blockquote>\n\n

Update (2019-09-26): Jeff Johnson<\/a>:<\/p>\n

\n

Something fishy with Google’s latest comment. Seems to be shifting the blame. Why act as if the updater doesn’t have root?<\/p>\n<\/blockquote>\n\n

John Gruber<\/a>:<\/p>\n

\n

Why in the world would a web browser’s software updater be doing anything at all at the root level of the boot volume? The arrogance and presumptuousness here boggles the mind. This is like hiring someone to wash your windows and finding out they damaged the foundation of your house.<\/p>\n<\/blockquote>\n\n

The other question is why in the world so many users would disable System Integrity Protection. The answer seems to be that it’s the only way macOS will let the AVID customers use third-party video cards.<\/p>\n\n

See also: Hacker News<\/a>.<\/p>\n\n

Update (2019-09-27): Jeff Johnson<\/a>:<\/p>\n

\n

People: Why does a web browser installer need to modify the system?!?<\/p>\n

Me: $ lsbom \/System\/Library\/Receipts\/com.apple.pkg.Safari13.0.1MojaveAuto.bom | grep \/System\/<\/code><\/p>\n<\/blockquote>\n\n

Jeff Johnson<\/a>:<\/p>\n

\n

The Google Keystone bug isn’t a justification for System Integrity Protection. In fact, if SIP didn’t exist, Google would most likely have noticed the bug before shipping it. So in a sense, SIP is partially to blame for the disaster.<\/p>\n<\/blockquote>\n\n

This is true, but it doesn’t mean SIP was a bad idea. Rather, SIP is treating the symptoms rather than helping to identify the causes. It certainly could<\/em> do more of the latter, e.g. if it maintained an audit log<\/a>. I don’t mean the gigabytes of console spew that we currently get for SIP and sandbox violations. Instead, there should be a friendly window that concisely shows what each app was thwarted from doing. The Chrome developer—or even Chrome users—would be able to see at a glance that it tried to delete the \/var<\/tt> folder 39 times and would then be able to ask why.<\/p>\n\n

Jeff Johnson<\/a>:<\/p>\n

\n

Every app outside the Mac App Store has to roll its own software updater. This is how we get software update problems. Apple has left this gaping hole in the system forever. Why is there no system process and API for 3rd party app updates?<\/p>\n<\/blockquote>\n\n

It’s a totally obvious idea that could have been done 20 years ago. And it would be more helpful today in that updating sandboxed apps is harder. But it’s also kind of a strategy tax. Making life better for directly sold apps (and their users) would cost services revenue and reduce the value proposition of the Mac App Store.<\/p>\n\n

Update (2019-10-13): To be clear, the Chrome updater only asked for root access if you enabled the option to Automatically update Chrome for all users<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"

Tim Hardwick (Avid, Hacker News): Variety reports this morning of a possible computer virus attack or critical software failure affecting Mac Pro workstations across Los Angeles.According to social media chatter, Hollywood Film and TV editors discovered late on Monday that “trashcan” Mac Pros running older versions of macOS and AVID’s Media Composer software were refusing […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2019-09-25T20:37:58Z","apple_news_api_id":"a3350cd9-7ea3-4f4a-9faf-0c79e7af0858","apple_news_api_modified_at":"2021-06-30T20:36:34Z","apple_news_api_revision":"AAAAAAAAAAAAAAAAAAAABg==","apple_news_api_share_url":"https:\/\/apple.news\/AozUM2X6jT0qfrwx5568IWA","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[131,456,30,32,1609,2088,53,158,1235],"class_list":["post-26677","post","type-post","status-publish","format-standard","hentry","category-technology","tag-bug","tag-googlechrome","tag-mac","tag-macapp","tag-macos-10-14","tag-macos-recovery","tag-sandboxing","tag-strategytax","tag-system-integrity-protection"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/26677","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=26677"}],"version-history":[{"count":6,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/26677\/revisions"}],"predecessor-version":[{"id":26863,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/26677\/revisions\/26863"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=26677"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=26677"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=26677"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}