When I check preferences with applejack, I am seeing it say that 1 system file is corrupt. It is "./cov.apple.systemloginitems.plist" and Applejack tells me that it is moving it to "/Library/preferences (corrupt). However, I am then told that it is not allowed.
When I reboot I see the folder called "/Library/preferences (corrupt)" is created, but the folder is empty.
Correction (there does not seem to be a way to edit a posting?):
Of course I meant a file /Library/Preferences/com.apple.SystemLoginItems.plist
and it is the folder /Library/Preferences/ where admin and world have write access, to the folder /Library/ admin has write access.
Could you post the applejack log file, located at /var/log/applejack.log? It will let me see exactly what applejack said it did. Thanks.
Can you please delete my previous posting showing my complete AppleJack log. I am concerned about possible passwords possibly being listed in all that junk. Of course, can you check the part pertinent to my issue before you delete the whole log. Thanks.
I'm not sure your post can be completely deleted by the sourceforge.net forums. I clicked the "delete" button next to your post, and the message I got was that the message had been hidden. Hopefully that means it will be hidden from everybody.
i didn't see anything in the log file that struck me as an issue regarding security.
I have e-mailed the log to ultramathman, who was helping you with the issue.
Would you mind doing the following command in your terminal (if you know how).
$ ls -al /Library/Preferences/com.apple.systemloginitems.plist
We would need to see what your ownership is set to. You should see something like:
$ ls -al /Library/Preferences/com.apple.SystemLoginItems.plist
-rw-r--r-- 1 root admin 260 Sep 14 2006 /Library/Preferences/com.apple.SystemLoginItems.plist
i copy and pasted it in Terminal and hist Enter and I get "Command not found"
ok I did the Terminal thing again and got this:
Last login: Sat Dec 27 20:20:37 on console
gregory-martinezs-imac:~ gmartinez$ ls -al /Library/Preferences/com.apple.systemloginitems.plist
-rw-r--r-- 1 root admin 0 Aug 6 00:41 /Library/Preferences/com.apple.systemloginitems.plist
Can you send me the com.apple.systemloginitems.plist file in an e-mail? I'll send you an e-mail directly that you can respond to. That way I can test it and see whether it actually is corrupt.
You probably copied and pasted the initlal "$ " with it. The command starts with "ls".
Er, I mean, you can send me an e-mail to the address listed on this page: https://sourceforge.net/users/kwidholm/
I tried opening and testing your .plist, and it's blank, so it would definitely be considered corrupt. It's an interesting case.
I put the file you sent me in /Library/Preferences and AppleJack did mark it as corrupt, as expected. However, it also successfully moved it to /Library/Preferences (Corrupt).
The only thing I can imagine at the moment is that something odd is going on with your hard disk.
Suggestions? What if I were to delete it?
I found a forum where others are discussing the same exact issue I have;
BTW, file I sent you was not locked. It is locked on my system.
From what I've been able to find, it's not something you should be too worried about (mostly because there's not much you can do about it). The file should be safe to delete provided no application is using it, which seems to be the case since it's empty; it was formally used by programs such as Timbuktu.
MacShadows has an interesting entry on that plist.
Well, I deleted it. However, upon rebooting the exact same file was created. It is just like the file I deleted. It is locked. Has no contents. AppleJack reports it as corrupted, just like the one I deleted.
I may have information that sheds some light on this issue.
I had a file /Library/com.apple.SystemLoginItems.plist that had some content, that was not locked and that AppleJack did not consider corrupted.
Owner: root r/w
Group: admin r
Key: Root, Type: Dictionary, Value: (1 item):
Key: AutoLaunchedApplicationDictionary, Type: Array, Value: (0 items)
I moved the file from the /Library/ folder to my Desktop (admin and world have write acces to the /Library/ folder) and I restarted my Mac.
There is now a new file /Library/com.apple.SystemLoginItems.plist which is empty (0 bytes) and which is locked.
Owner: root r/w
Group: wheel r
(After this experiment I will now put the original file back in place.)
Let's hope Apple has plugged this vulnerability since this issue was reported.
If Timbuktu is still using this mechanism to launch their tools, they should
be rapped over the knuckles and use a legitimate launchd file instead :-)
Log in to post a comment.