lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 05 Apr 2007 11:41:09 -0500
From: <neal.krawetz@....hush.com>
To: <full-disclosure@...ts.grok.org.uk>
Cc: 
Subject: AN OUNCE OF PREVENTION...

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I manage a heterogeneous network of computers. They range from an
old (but necessary) OS/2 box to various Windows and Linux releases,
as well as Mac, HP-UX, and Solaris. Knowing how to repair the
system is always critical, since you will eventually do something
stupid and hose the system. And "reinstall" is usually not a
desirable option, and I consider restoring from backups to be a
final course of action when there are no other options.

Each operating system has its own recovery method. In most cases,
if I can get to a command-prompt, then I can repair or recover
anything.

    * For Linux and BSD, there are plenty of "live CD" systems you
can use. Knoppix and Damn Small Linux (DSL) immediately come to
mind, but there are many others.

    * For Windows, I can either use Knoppix or the Windows recovery
disks. (However, I usually don't use the recovery disks for
anything except getting me to a working command prompt. Usually
"recovery" means "reset to factory default", and that is an
unacceptable solution to me.)

    * All of the Linux, BSD, and commercial Unix systems (e.g., HP-
UX and Solaris) have single-user modes for system repair, or have
Live CDs for getting to a command-prompt.

    * The OS/2 box is supported by the OS/2 installer's CD-ROM (or
floppy disks -- yes, OS/2 is old).

However, I recently screwed up my Macintosh system (running 10.3).
I was trying to optimize it and followed some bad advice from a
newsgroup. You see, there is a program called /usr/sbin/lookupd
that performs caching of things like DNS requests. Since I don't
need the system to cache DNS data, I disabled lookupd. Big mistake;
Don't do this! Without lookupd, you cannot run su or sudo in order
to become root and undo the change. Furthermore, if you reboot then
the login screen will hang.

If you screw up the system (like I did), then you have few options.
Knoppix cannot write to the HFS journaling file system (the default
OS X install) so you cannot undo the mistake via a Linux system.
While, I did find a few solutions that work, all require you to
have a second Mac handy. Some of the solutions:

    * Use the OS X install and repair CD to reset the system. This
will move the corrupt system out of the way and install a new OS.
This is a good last-ditch effort, but you will spend hours putting
back all of your customizations. Furthermore, I just needed to put
back lookupd so a complete reinstall seemed like overkill. ("Next!")

    * You can connect two Macs using a firewire cable. On the dead
one, boot it while holding "T" (right after the chime). This will
make it act like a firewall hard drive, allowing the good computer
to mount the drive. Then you can repair it. Unfortunately, I don't
have any 6-pin to 6-pin firewall cabled. ("Fuck!")

    * There are a variety of tools for creating a "Live CD" for Mac
OS X. Unfortunately, most cost money ($5 to $100 and up) and the
reader feedback makes it sound like your mileage may vary. I'm not
willing to drop even $5 on a solution that does not have a solid
track record of working. (Prospective employers have this same
attitude toward me, which is why I am now self employed and collect
welfare.)

    * Then I came across one good program: BootCD. This program
will create a Live OS X CD-ROM image and it allows you to select
the tools that you want on the system. I selected the Terminal (for
the needed command-prompt), Console, System Profiler, and Safari.
It's slow -- on my iMac it took nearly an hour to build the base
image and 10 minutes per application selected -- but it did create
an image, and you only need to do this once. Unfortunately, my iMac
only has a CD/DVD reader, and not a writer.

          o I transferred the image to my Ubuntu system (calling
the file emergency.iso).

          o Although the graphical Nautilus "Write to Disc" option
said it was not an ISO, I was able to burn it using cdrecord: sudo
cdrecord -blank=fast emergency.iso.

          o I put the Live CD in the dead Mac and booted with the
Option key pressed. This gave me a choice of boot media, listing
the dead hard drive and the Live CD.

          o I selected the CD option and booted off it! (I really
like software that works as advertised.)

The CD is definitely not optimized; you could hear the drive
thrashing as it went seeking sectors. However, after a few minutes
it did boot! The Terminal application was in the toolbar and opened
to a root prompt. The dead hard drive was already mounted at
/Volumes/Macintosh HD (use df to see where it is mounted). I was
quickly able to fix lookupd (Yes, all of this just so I could run
chmod a+x lookupd.) One more reboot off the fixed hard drive and
the system was back to normal.

If you happen to have a Mac running 10.1, 10.2, or 10.3, I strongly
recommend using BootCD to create a Live CD before you need it. With
any luck, you will never need to use this disk. But when you screw
up, you will be glad you have it. (Unfortunately, BootCD does not
work with 10.4. I suspect that you can create a 10.3 CD and use it
for repairing 10.4 systems.)

All of the tools that create Live CDs for the Mac require a running
operating system. For this reason, people do not distribute live CD
images. Doing so would violate Apple's copyright on their operating
system since you would be distributing Apple's code.

- - Dr Neal Krawetz, PhD.
  Author of "Installing Ubuntu from CD Using Graphical Interfaces"
and "A Complete Idiot's Guide to Appletalk for Urban Youth"

Read my blog at http://www.hackerfactor.com/blog/ !
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.5

wpwEAQECAAYFAkYVJlEACgkQDpFP8dW5K4ZgSwQAkPxa7AZXskRDwDJcsN7ooPvMI7sO
ezZj9R7x8fOaNXDq9pekNzvVaw4WcrJM25i6/KPIaBqgYL02Ro3g41s8/SHhAWVV+Nvm
eFSRt0w1F0Eqt0iv/f2Jh68itw6eZJx3ecv/sZ+a5Hv2hLemBpLV+wXTyhUXaeKEBfeS
3Tz6khY=
=m/n9
-----END PGP SIGNATURE-----

--
Does your back hurt? Click for huge discounts on ergonomic chairs
http://tagline.hushmail.com/fc/CAaCXv1NXSnaFbRxdlE3JyMbMkOMIvCg/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ