Fix (and unfix) scripts for MOAB #5


William A. Carrel

Jan 6, 2007, 1:33:18 AM
to moab...@googlegroups.com
These two scripts armor the critical BOMs in /Library/Receipts and the
directory itself against MOAB-2007-01-05 while still allowing verify
and repair permissions to Do The Right Thing™.

bom-safety.py applies the protections
bom-unsafety.py reverses the whole process

The safety script does basically the following:
* Set the sticky bit on /Library/Receipts
* Set the sticky bit on the paths down to each of the critical BOMs
* Unset the group-write bit on the critical BOMs
* Create root-owned 0-length placeholders for critical BOMs/paths
that don't exist
* Back up /Library/Receipts/BaseSystem.pkg/Contents/Archive.bom
* Make a 1-bit change to
/Library/Receipts/BaseSystem.pkg/Contents/Archive.bom that causes
"repair permissions" to keep the sticky bit set on /Library/Receipts
rather than removing it.
* Print a completed message

--
wac

bom-safety.py
bom-unsafety.py

Finlay Dobbie

Jan 6, 2007, 6:53:15 AM
to moab...@googlegroups.com
On 06/01/07, William A. Carrel <will...@carrel.org> wrote:
> These two scripts armor the critical BOMs in /Library/Receipts and the
> directory itself against MOAB-2007-01-05 while still allowing verify
> and repair permissions to Do The Right Thing™.

Bear in mind that the permissions might get nobbled again if you
install Xcode Tools, X11 or anything which changes the "magic" boms.

-- Finlay
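
A read-only check for the end state the safety script's list describes (sticky bit on each directory down to a BOM, no group-write on the BOM, file or placeholder present), which can be re-run after an install that touches the receipts. This is an added example, not the attached bom-safety.py; the function names and the temp-directory sample tree are constructed for illustration, and the Archive.bom 1-bit change is not covered.

```python
import os
import stat
import tempfile

def audit_receipts(root, bom_relpaths):
    """Return sorted (path, problem) findings; an empty list means hardened."""
    findings = set()

    def check_dir(path):
        st = os.lstat(path) if os.path.lexists(path) else None
        if st is None or not stat.S_ISDIR(st.st_mode):
            findings.add((path, "directory missing"))
        elif not st.st_mode & stat.S_ISVTX:
            findings.add((path, "sticky bit not set"))

    check_dir(root)
    for rel in bom_relpaths:
        cur = root
        for part in rel.split("/")[:-1]:      # every directory down to the BOM
            cur = os.path.join(cur, part)
            check_dir(cur)
        bom = os.path.join(root, rel)
        st = os.lstat(bom) if os.path.lexists(bom) else None
        if st is None or not stat.S_ISREG(st.st_mode):
            findings.add((bom, "BOM or placeholder missing"))
        elif st.st_mode & stat.S_IWGRP:
            findings.add((bom, "group-writable"))
    return sorted(findings)

def demo():
    """Constructed tree in a temp dir: audit before and after hardening."""
    rel = "BaseSystem.pkg/Contents/Archive.bom"
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "Receipts")  # stand-in for /Library/Receipts
        os.makedirs(os.path.join(root, "BaseSystem.pkg", "Contents"))
        bom = os.path.join(root, rel)
        open(bom, "w").close()
        os.chmod(bom, 0o664)                  # group-writable, unhardened state
        before = audit_receipts(root, [rel])
        contents = os.path.dirname(bom)
        for d in (root, os.path.dirname(contents), contents):
            os.chmod(d, 0o1775)               # add the sticky bit
        os.chmod(bom, 0o644)                  # drop group-write
        after = audit_receipts(root, [rel])
    return [problem for _, problem in before], after

if __name__ == "__main__":
    print(demo())
```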
