Repair file sharing after Security Update 2017-001 for macOS High Sierra 10.13.1

Repair file sharing after Security Update 2017-001 for macOS High Sierra 10.13.1(support.apple.com)

107 points by kylesethgray 8 years ago | 45 comments

bichiliad 8 years ago |

I seriously can't imagine how much pressure engineers at Apple were to ship this patch. Considering they tend to ship infrequently, I doubt they have the sort of QA turn-around that'd support emergency releases.

Remember that:

  - They learned about this yesterday

  - They had as much heads up as the general public did

  - They are a large company.

I don't disagree that the apparent QA quality from Apple software isn't what it used to be, but we all have to take these sorts of things with a grain of salt. I've certainly been in situations like this before.

Spooky23 8 years ago | |

I feel bad for the engineers, but seriously screw Apple on this. They have an overcomplicated setup with little internal Kerberos implementations on every Mac to make peer to peer networking easier.

If it’s like everything else, it’s probably ancient and crufty. The dude who wrote it probably cashed out years ago. Some engineer rushed through and made the original worst-case-scenario error, and the guys cleaning up the mess made this error, which is understandable given the severity of the problem.

For a company like Apple that prints money, it’s irresponsible and reflective of a broken engineering process. Personally I’m angry about this because on iOS, we’re 100% dependent on their engineering process to protect my customer’s data. Hopefully that trust is well placed.

If they don’t want to maintain Macs, don’t make them.

szc 8 years ago | | |

I designed and implemented quite lot of the LocalKDC mechanism - um, roughly about 11-12 years ago now I think. At the time it was based on the MIT version of Kerberos. When Apple switched to using Heimdal, the LocalKDC implementation was updated and it has been maintained since then - I am no longer the maintainer of this software. I haven't cashed out.

As to why the LocalKDC exists? How can you do secure peer-to-peer authentication without relying on some sort of global (and broken) or private PKI infrastructure? SRP wasn't an option at the time.

I am sorry you are upset. Apple is really, really serious about protecting customer data. I encourage the reading of the Apple iOS Security Guide - it describes hardware and software techniques used to protect your data. There is also the 2016 Blackhat presentation by Ivan Krstic that gives more insight into the Secure Enclave.

digi_owl 8 years ago | | |

It seems that whenever one attempts to make something easier on the surface, the complexities underneath expand cubically.

mmjaa 8 years ago | |

The thing that really shocks me about this incident is that, basically checking that "root cannot be logged in under any unusual circumstances" is a fundamental, basic test of any OS development group, and there must have been at least 2 decades of this test running somewhere internally at Apple, and .. somehow .. thats not happening.

Like, I seriously hope this was just an oversight in the testing system somehow - but I'm really rather concerned that Apple is not testing these things as rigorously as it should be/used to be.

This is such a fundamentally corrupt security issue that we all have to increase our levels of suspicion over the QA team at Apple. Truly a shocking hole.

roblabla 8 years ago | |

The fact they learned this only yesterday is amazingly stupid to start with. People were talking about this weeks ago on the Apple Forums, as a "neat trick" : https://twitter.com/fristle/status/935670476214378496. Surely a moderator should have noticed something was wrong at that point.

This is a major fuckup the kind of which should be illegal.

tzs 8 years ago | | |

> People were talking about this weeks ago on the Apple Forums, as a "neat trick"

Aren't Apple forums mostly meant as self-help forums, with minimal monitoring by Apple?

It looks like one person posted it two weeks ago, not as a bug or security problem but as a solution to the problem that the original poster had, not realizing it was a bug. People didn't seem to notice it and start talking about it there until yesterday.

I would guess that any developers at Apple that check the developer forums just look at the first post to see what problems people are reporting, and a few of the replies to see if others are seeing the problem and see what workarounds people have found.

In this particular thread that first post was in June, and by early July someone had posted a fix. Some people had trouble with that and someone posted a more detailed fix in the middle of October.

I doubt any developers would be still following that thread on November 13th, when the root bug was posted.

As far as moderators go, I'd expect that they just skim the posts to make sure they don't violate any major rules.

mikeash 8 years ago | | |

One person mentioned it in a forum thread. Apparently nobody involved in the conversation realized the implications of it, and I don’t think anybody in the thread works for Apple.

blinkingled 8 years ago | |

If you ship an OS that runs your premium+ pricey hardware one of the onuses on you is to be able to quickly respond to catastrophic bugs and security issues without introducing new ones.

That's why you hire best engineers, product managers and QA people and establish processes that let you do exactly that. Trouble is Apple's treating everything like toys nowadays.

Surprising though how many people are willing to give a free pass to an almost trillion dollar company.

Also you realise Apple's asking their customers to run terminal commands - even MS has fixits that just do it :)

9935c101ab17a66 8 years ago | | |

What do you mean a "free pass"? Apple has been (rightly) grilled over this.

Also, though the patch does introduce this new bug, it's hardly a show-stopper, it has a simple fix, it will likely affect a tiny percentage of users, and I'm sure be resolved in a future release.

apostacy 8 years ago | |

This is why I am so glad I did not update to High Sierra. It obviously is not ready.

ams6110 8 years ago | | |

It's like they are the old Microsoft: never take a new version until after the first service pack.

protomyth 8 years ago | | |

I tried on our Mac mini servers but High Sierra won’t upgrade on a system running RAID 1. Saved some trouble today but it will be a pain if they don’t fix that bug too.

Piskvorrr 8 years ago | |

- They learned about this yesterday

Nope.

- They had as much heads up as the general public did

I.e. two weeks.

- They are a large company.

That's a point to their discredit. For a garage op, this would be acceptable.

mikeash 8 years ago | | |

Except for one random guy on an old forum thread, everybody found out about the bug two days ago.

melling 8 years ago | |

High Sierra bricked my 2010 iMac.

Haven’t even bothered to try and repair it. It shipped with one of those crappy slow HD’s Apple used to save money.

tinus_hn 8 years ago | | |

> Haven’t even bothered to try and repair it.

Then what are you complaining about? It isn’t magic, things do break sometimes.

natch 8 years ago | | |

Expecting a 2010 Mac to work with 2017 software (which I infer from your bothering to post here) seems a bit of a stretch. And all hard drives were slow back then. Any variance between models then is lost in the noise when comparing against SSDs, which were not generally available in 2010.

But it should definitely refrain from bricking the machine... that’s a bummer.

mberning 8 years ago |

From a quality standpoint Apple is a shadow of its former self. For me a large number of the more recent features in macOS and iOS don’t work reliably. Things like handoff, text message forwarding, enabling tethering from the Mac, etc. are 50/50. These kind of things used to be Apples bread and butter. Taking ideas like these and making them “just work”. And now the security regression are creeping in. I would love to see them get back to very simple product lines and a more minimalist approach to software features.

masterleep 8 years ago | |

Handoff is definitely a weird one. I don't think I've ever gotten it to do anything useful. Its functionality is seemingly limited to popping up a random icon to the left of the dock from time to time to distract me.

excalibur 8 years ago |

Quick show of hands, who here is surprised that this patch broke something?

acoye 8 years ago | |

I am not, Yet given the public disclosure and the criticality of the issue, they took the most pragmatic approach.

mikeash 8 years ago | |

I’m a bit surprised that this is all it broke, given how quickly the patch was released.

k_sze 8 years ago |

The article says “if file sharing doesn’t work”, but is it ok to just run this command line fix anyway?

I’m not sure if file sharing is broken for me. I don’t use it right now. But I’m afraid I might run into this bug in the future when I eventually use file sharing, and then I will have forgotten about this fix, and end up spending hours scratching my head and head-desking.

evansj 8 years ago | |

According to configureLocalKDC(1):

"The script is non-destructive and can be run multiple times."

rbinv 8 years ago | |

My thoughts exactly. I executed it just in case.

cmlndz 8 years ago |

I think this shows the poor state of Apple’s QA. Theorically there should be a list of predefined tests with a binary output, to pass the test or not. Before deploying anything, tests must be run and passed. It seems the procedure is very human-dependant.

LCDninja 8 years ago |

Seriously!

I can’t even install 10.13.1 on my Mac Pro 2013 - computer acts like its bricked until rebooted a number of times (and when it finally boots we’re back at 10.13).

This also means I can’t install the latest security update that fixes the root problem (and yes, i’ve changed the root password to mitigate).

OSX is becoming more like Windows every day.

jason_slack 8 years ago | |

Me too!!. I was almost ready to wipe and reload.

pwinnski 8 years ago |

This is why it should take more than 24 hours to put out a patch for an operating system.

gpm 8 years ago | |

When the choice is between "allow public, easy, possibly remote, root access" or "maybe deal with a bit of inconvenience fixing the fix" I'll take the second one.

yuhong 8 years ago |

I remember the emergency Java patch after Flashback. I think it also had an issue.

nkkollaw 8 years ago |

What a mess.

nixpulvis 8 years ago |

I guess now we get to see where all the holes in apples fucking automated tests are... meanwhile I'm happily running Arch ;)