
Logs in High Sierra Show Plaintext Password for APFS Encrypted External Volumes - reimertz
https://www.mac4n6.com/blog/2018/3/21/uh-oh-unified-logs-in-high-sierra-1013-show-plaintext-password-for-apfs-encrypted-external-volumes-via-disk-utilityapp
======
MertsA
What exactly happened to macOS development at Apple? There's always bad luck
but Apple has had multiple very visible and very serious vulnerabilities over
the last few quarters. They've made multiple grave errors with encrypted
volumes. I don't think Microsoft with Bitlocker or Linux with dm-crypt has
ever made mistakes as bad as Apple has made here and multiple other times.

Forget the stability issues, a lot of the vulnerabilities are very alarming.
I'm by no means a cryptographer, I should not be allowed anywhere near any
security sensitive code and yet of course I know that command line options are
accessible by all. All it takes is a glance at ps to realize that this exposes
the password so how exactly was this functionality added to both the UI and
CLI without anyone realizing what a blunder this was? This reminds me of the
bug where the System Preferences app would perform privileged operations by
basically calling an undocumented API that would create an arbitrary file with
arbitrary data and arbitrary permissions (including SUID) as root. What's
worse is that Apple already "fixed" a vulnerability in that API when in
reality all they did was modify the API client to not run if the user wasn't
root.

Why does it seem like there's no real oversight on macOS development anymore?
An implementation bug or a complex design that leads to a vulnerability is one
thing but so many of these vulnerabilities should have stuck out as a terrible
design from the start.

[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1775](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1775)

~~~
glandium
You don't even need to look at security vulnerabilities to wonder what
happened to macOS development at Apple.

My wife recently bought a mighty mouse. It worked for a few days, but then
macOS would fail to associate with it via Bluetooth unless it's plugged in via
the lightning cable, in which case it's unusable, the connector being on the
side that normally sits on the table.

Anyways, after a quick Google, I found a workaround that I couldn't believe
would work, but I tried it anyways: open preferences, and check off "Allow
Handoff between this Mac and your iCloud devices". ... and it worked
instantly.

My wife doesn't even have an iCloud account...

The problem (and workaround) has been known for at least 4 years.

~~~
orclev
Or this awesome issue on any of the newer MacBook Pro laptops, if you plug or
unplug any USB devices while the system is either going into or recovering
from sleep mode (i.e. after you've closed the lid, but before you see the
login screen again after opening it), it will randomly kernel panic. I spent
almost a month trying to figure out why I would randomly get a kernel panic in
the morning since my evening routine was to close the lid, disconnect my
keyboard/mouse/monitor, and then in the morning do the exact opposite (plug in
keyboard/mouse/monitor, open lid). Once I read about the issues with USB
devices and sleep mode I changed my routine to first open the lid, wait for
the login screen to show up _then_ plug in all the USB devices. Since I made
that change I haven't seen a single kernel panic.

~~~
dixie_land
Thank you so much! Now I know why half the time after a meeting when I connect
my laptop again it'll simply hang then shut down. (I didn't see the panic since
it's clamshelled)

------
dunham
This isn't the first time they've logged passwords. Back around 2014, I found
that they were dumping Apple ID passwords into one of the log files for iBooks
(CVE-2014-1317). It was dumping the request body in hex for a redirected login
request.

------
bri3d
Fixed in 10.13.2 - but wow, was High Sierra ever a sloppy release.

~~~
rbritton
It’s appallingly sloppy. I can’t say I’m regretting my switch to essentially
holding off on major OS upgrades until just before the next one is released. I
wish Xcode’s current version still supported the most recent two OS versions,
though.

~~~
m_mueller
How do you deal with the constant update prompts? Ignoring them, or is there
some defaults system key that can be used to turn them off?

~~~
tortilla
[https://appletoolbox.com/2018/01/disable-macos-software-upda...](https://appletoolbox.com/2018/01/disable-macos-software-update-upgrade-notifications/)

~~~
adanto6840
You rock, thank you very much.

Shame on Apple for the "control click on a hidden control" design pattern in
order to stop the update messages. After not seeing an option to hide it, my
morning ritual lately had consisted of clicking "Details" button and then
quickly CMD+Q'ing out of the MAS dialog that popped up. Glad it's finally
disabled, but really kind of ridiculous that it was literally a hidden option.

~~~
chrisvalleybay
Actually, I just tested this. And it's not a control-click, it's a right
click. The person that wrote it probably uses the old control click to right
click paradigm.

------
catern
That's pretty bad. It's been known for decades on other Unix systems that you
shouldn't pass passwords by command line parameter, or even support doing so.
I guess no-one told Apple.

~~~
SSLy
Not to disagree, but could you provide some references to the statement?

~~~
tinus_hn
If you run the ps command you can see all processes with all the command line
arguments. They’re not secret, which is why you shouldn’t put passwords there.

Now typically these processes only run for a short time so it’s difficult to
catch passwords manually but it’s predictable so a script can.

~~~
your-nanny
So what is the proper way?

~~~
tinus_hn
Either store them in environment variables or pass them through file
descriptors, such as standard input.

Note that you do need to take care to clean up the environment if you create
new, unprivileged subprocesses or these secrets may leak.
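
The difference described in the comment above, as an added example that is not part of the original thread: the same passphrase handed to a child process on the command line and on standard input, followed by a check of what any local process can read back, plus the environment clean-up mentioned for spawned helpers. `SECRET`, `CHILD` and the `TOOL_PASSPHRASE` variable are hypothetical names with constructed values.

```python
import os
import subprocess
import sys

SECRET = "constructed-passphrase-123"  # constructed sample value, not a real credential

# Hypothetical stand-in for a tool that needs a passphrase: it takes it from
# argv[1] if present, otherwise from the first line of stdin, then idles.
CHILD = (
    "import sys\n"
    "pw = sys.argv[1] if len(sys.argv) > 1 else sys.stdin.readline().rstrip('\\n')\n"
    "print(len(pw), flush=True)\n"
    "sys.stdin.read()\n"
)

def visible_cmdline(pid):
    """Return the argument list that other local processes can read for pid."""
    try:  # Linux exposes it under /proc
        with open(f"/proc/{pid}/cmdline", "rb") as f:
            return f.read().replace(b"\0", b" ").decode(errors="replace")
    except OSError:  # macOS and other Unix systems: ask ps
        return subprocess.run(["ps", "-o", "args=", "-p", str(pid)],
                              capture_output=True, text=True).stdout

def secret_exposed(via_argv):
    """Start the child, hand it SECRET, report whether its command line shows it."""
    cmd = [sys.executable, "-c", CHILD] + ([SECRET] if via_argv else [])
    with subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, text=True) as p:
        if not via_argv:
            p.stdin.write(SECRET + "\n")
            p.stdin.flush()
        p.stdout.readline()  # child reports that it now holds the passphrase
        return SECRET in visible_cmdline(p.pid)

def helper_sees_env_secret(scrub):
    """Secret held in the environment: does a spawned helper inherit it?"""
    env = dict(os.environ, TOOL_PASSPHRASE=SECRET)  # hypothetical variable name
    if scrub:
        env.pop("TOOL_PASSPHRASE")  # clean up before creating the subprocess
    probe = "import os; print(os.environ.get('TOOL_PASSPHRASE', ''))"
    out = subprocess.run([sys.executable, "-c", probe], env=env,
                         capture_output=True, text=True).stdout
    return out.strip() == SECRET

if __name__ == "__main__":
    print("argv exposes secret: ", secret_exposed(True))
    print("stdin exposes secret:", secret_exposed(False))
    print("helper inherits env secret (unscrubbed, scrubbed):",
          helper_sees_env_secret(False), helper_sees_env_secret(True))
```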

~~~
your-nanny
Thanks.

------
auggierose
I am still on Sierra and a few weeks ago found a fix for a problem that Apple
introduced apparently in "good faith". I had been wondering for a while why my
mid-2015 maxed out MacBook Pro Retina didn't perform well when doing
programming in Xcode etc. So finally on a weekend I decided to find out the
problem, and saw that "kerneltask" is using 500% CPU ...

Apparently, Apple has programmed kerneltask to grab available CPU resources
when it determines that the CPU might overheat due to other tasks stressing
the CPU too much. In my case though, there was no danger of overheating
(running somewhere between 55 and 60 degrees), but kerneltask just reacted to
my 4K monitor being plugged in in addition to me using the internal laptop
retina display. As soon as I would unplug the monitor, kerneltask would
release CPU resources and go back to < 10% !!

So basically, shitty programming on Apple's part had rendered my laptop
unusable for quite a while.

Luckily, I found this article which worked in my case also:
[https://www.davidschlachter.com/misc/kernel_task](https://www.davidschlachter.com/misc/kernel_task)

My laptop is now a joy to use again, but I can't believe that something like
this remains unfixed for so long. I've seen many people on message boards
running High Sierra with the same problem, so this just doesn't seem to get
fixed.

~~~
mrguyorama
Why is the kernel even playing such a stupid game to "manage" temperature? I
would have thought Intel temperature management was idiotproof in the "You
literally don't even have to touch it" way.

------
rphlx
Closed source disk encryption products: Not Even Once.

------
kevingadd
Please don't link to mac4n6, it serves malware on some page loads. The article
author is aware of it but apparently doesn't have the ability to fix the issue.

~~~
mediocrejoker
Not calling you out but I'd like to see a source for this. A quick web search
for mac4n6 malware didn't turn up anything.

~~~
guessmyname
Here is the source —
[https://twitter.com/iamevltwin/status/976627634066132992](https://twitter.com/iamevltwin/status/976627634066132992)

~~~
SyneRyder
To save others a click, that's the author of the website confirming that the
site was compromised by a code injection attack via Squarespace control panel.

------
772396
To be fair, do Linux/Unix systems also have a similar thing? If the cmd tool
supports passing the password as an argument, it is supposed to be logged in
whatever logging facility is in the system. I am not aware of a feature to
sanitize the password argument.

The usual way is that the cmd tool supports supplying the password at a
password prompt, and the user should always supply the password in the prompt
except for testing purposes.

So, I think it is more like a UI problem than a vulnerability.

~~~
walrus01
I could be wrong but I do not think dm-crypt supports CLI passing of the
passphrase. It uses interactive prompt only.

[https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_...](https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system)

------
newscracker
At some point, certain things ought to add up to become a firing offense. I
don't feel confident that Apple is going to get things much better without
drastic changes right from the top. If anyone at Apple senior management is
reading this, please do a shakeup and a rethink. It's badly needed for the
software you have been producing.

------
vondur
Just curious, could Apple actually ditch Darwin and use Linux as their kernel?
I'm not sure how the licensing works in regard to their proprietary stuff that
may have to touch the kernel. It seems that if they aren't going to invest the
money on MacOS dev teams, this may help them out by not having to do as much
kernel dev stuff.

~~~
ken
From "Design Principles of the I/O Kit":
[https://developer.apple.com/library/content/documentation/De...](https://developer.apple.com/library/content/documentation/DeviceDrivers/Conceptual/IOKitFundamentals/Features/Features.html#//apple_ref/doc/uid/TP0000012-TPXREF101)

> "OS X is largely the product of two strains of operating-system technology:
> Mac OS 9 (and its predecessors) and BSD. Given this pedigree, one might have
> expected Apple to adopt the device-driver model of Mac OS 9 or FreeBSD.
> Instead, Apple chose to redesign the model. Several reasons motivated this
> decision.

> "First, neither the Mac OS 9 driver model nor the FreeBSD driver model
> offers a set of features rich enough to meet the needs of OS X. The OS X
> kernel is significantly more advanced than its Mac OS precursors; it handles
> memory protection, preemptive multitasking, multiprocessing, and other
> features not present in previous versions of Mac OS. Although FreeBSD is
> capable of handling these features, the BSD model does not offer other
> features expected in a modern operating system, including automatic
> configuration, driver stacking, power management, and dynamic loading of
> devices."

It sounds like switching to a different kernel, and extending it to support
everything that the Mac needs, would be a lot more work than finding and
fixing the issues they have now. 3 nasty security bugs in 6 months is bad, but
how many would they have if they changed kernels entirely? Mac OS X 10.0 sure
wasn't bug-free. (For fun times: try creating a new user on 10.0 with login
"root".)

I suspect it's very similar to why they didn't switch the display layer to
X11:
[https://developers.slashdot.org/comments.pl?sid=75257&cid=67...](https://developers.slashdot.org/comments.pl?sid=75257&cid=6734612)

------
andy_ppp
Even the UI issues Apple has now are appalling, let alone bugs; they don’t even
seem to know how to consistently have a lock button across devices, for
example. If the basics are poorly thought through, how is something like
security going to be done properly?

------
futurix
I guess that’s the reason why APFS is still only supported for internal
volumes?

~~~
qubex
I don’t get the implication.

------
ggg9990
Windows users have long waited a year to install new versions. If Mac users
did the same they would have fewer such problems.

~~~
jakobegger
Lots of Mac users wait before they upgrade. (Myself included)

I recently looked at stats for my app, and only around 60% of my users are on
10.13, 30% on 10.12, and 10% on older versions.

If you use your Mac professionally, there‘s no point in updating every year —
it‘s always a hassle and a few weeks of upgrading 3rd party software and
fixing random things that don‘t work any more.

~~~
lloeki
It seems quite a lot of people around here have a thing for El Capitan.
Coincidentally this is the last one called "OS X".

~~~
rurban
Confirm. El Capitan is the last good and stable version.

~~~
Fnoord
Does 10.11 still get security and reliability updates?

As for 10.13: if an OS changes filesystem, it's often recommended to wait (same
as in the past, e.g. FAT32 -> NTFS, Ext2FS -> Ext3FS, Ext3FS -> Ext4FS,
although IMO the latter two went flawlessly _for me_).

The reason I went for it (even though benchmarks of encryption + APFS
specifically were abysmal compared to encryption + HFS+, whereas no encryption
+ APFS or no encryption + HFS+ were acceptable differences) is because it was
already tested on iOS.

~~~
lloeki
> Does 10.11 still get security [...] updates?

Yes.

[https://support.apple.com/en-us/HT208465](https://support.apple.com/en-us/HT208465)

------
jondb123
Anyone have ideas how to detect passwords in logs?

------
jondb123
Any ideas how to detect passwords in logs?

