# HUGE "bug" in OS X? Hmmmmm...



## hulkaros (Jul 4, 2003)

According to this:
http://lists.netsys.com/pipermail/full-disclosure/2003-July/010910.html

This:
http://www.osnews.com/
or this:
http://www.osnews.com/comment.php?news_id=3961

Here is the piece:
"Delfim Machado made public a way of crashing a password-protected screensaver and thus giving full access to the user account that the screensaver was running under. All a user has to do is to keep pressing any key for 5 minutes or so and then pressing Enter. Delfim Machado contacted Apple's Security department with his discovery, but when he didn't hear back, he decided to go public."

For me, on all the OS X.2.6-based systems where I tried the "bug", I could not reproduce it...

What is this? Dark Side FUD? Is Steve Ballmer behind this?

What gives? What say you people?


----------



## wiz (Jul 4, 2003)

BOOM!


----------



## symphonix (Jul 4, 2003)

Tested it for half an hour (while I was out, of course). It seems the text field on the password screensaver fills up eventually, but there's no crash. The screen saver stays securely locked.

I suspect whoever filed this bug report is only talking so much baloney. 

(Running Mac OS X 10.2.6)


----------



## Giaguara (Jul 4, 2003)

Looks the same way for me too. The system might crash if it was too busy doing other stuff, but I really doubt it would for only that. I'll try it eventually if I'm bored and have an hour to spend (so I can tell that it didn't crash for an hour so I quit).


----------



## hulkaros (Jul 5, 2003)

> _Originally posted by wiz_
> *BOOM!*



What do you mean by BOOM? You tried it and that "bug" worked on your OS X.2.6? 

Have you installed all system updates? And still that thing worked? How did you install your OS X.2 system? Did you upgrade your older OS X.1.x system or did you do a fresh install? What about your permissions? Are those fixed?

Can you be more specific instead of just BOOM us? Or are you having fun?


----------



## hulkaros (Jul 5, 2003)

For those unfortunate enough that this "bug" works they may want to try this:
http://www.macrabbit.com/deskshadeplus/

It will help you a lot!


----------



## Darkshadow (Jul 5, 2003)

<ahem> hulk, _you_ are getting after someone for just typing *BOOM!* ?  That's a good one...


----------



## stizz (Jul 5, 2003)

I call complete and utter bull sh!t

I tried this several times, each time entering upwards of 1500 characters in the password field. No dice. Screen saver did not, I repeat, NOT crash.


----------



## hulkaros (Jul 5, 2003)

> _Originally posted by Darkshadow_
> *<ahem> hulk, you are getting after someone for just typing BOOM! ? That's a good one...*



Of course! That's by now a trademark of mine or should I say Steve's?  

Seriously now it was not for the BOOM! It was more like about the reason behind it! Have you seen Reloaded? Causality!  Cause and effect!


----------



## wiz (Jul 5, 2003)

yea sry shouldn't have said BOOM! ... but...

*BOOM!*


yea just havin fun... no doesn't work..


----------



## Snowball (Jul 6, 2003)

The Screen Saver crashes when I try it, 10.2.6 first rev 17" iMac, no haxies or anything.


----------



## hulkaros (Jul 6, 2003)

> _Originally posted by wiz_
> *yea sry shouldn't have said BOOM! ... but...*
>
> *BOOM!*
> ...


----------



## hulkaros (Jul 6, 2003)

> _Originally posted by Snowball_
> *The Screen Saver crashes when I try it, 10.2.6 first rev 17" iMac, no haxies or anything.*



...here are some questions:
- Have you installed all system updates via Software Update or other sites?
- How did you install your OS X.2 system? Was it an upgrade from an older OS X.1.x system or was it a fresh install?
- Are your system permissions ok? I mean did you run Disk Utility or something to check/fix them?

Please let us know...


----------



## symphonix (Jul 6, 2003)

Snowball: What screen saver are you running? How did you go about producing the crash?


----------



## Koelling (Jul 6, 2003)

It crashes on mine too. One good way to get lots of characters is to select all the little dots in the password field and hit ctl-k which cuts them (like emacs) and then ctl-y which pastes them. I put about 2000 and it works every time but doesn't for about 1500.

I don't have any haxies either, but I did an upgrade from 10.1. I'm using a screensaver called "blank" which just fades to black.

It also works for the login window, but it breaks aqua rather than bypassing security. I am dumped into Darwin login screen (similar to >console) and asked for my password unix style.

Any other questions be sure to ask, for this problem is highly reproducible for me.

OSX.2.6
266 MHz iMac
256 Megabytes RAM 
nothing but screen saver running OR lots of stuff running


----------



## paracord (Jul 7, 2003)

Crashes here too. Fill the password field, select the characters, ctl-k then hold down ctl-y for a few seconds and hit enter. 10.2.6 nothing special.


----------



## Snowball (Jul 7, 2003)

This is a fresh install no more than 2 weeks old, all straightforward and updated. Permissions haven't been repaired, but I think this isn't limited to my machine, as evidenced by the other replies.

I created the crash the non-geek way by putting an object on a letter key and hitting enter about 10 minutes later. Basically the screen froze for about 1 second, and then it just crashed. There wasn't a crashed program dialog either, but there was an entry in the crash log.


----------



## solrac (Jul 7, 2003)

Wow!
Ok, yes. It does crash on mine.

I have a powerbook G4 17" on 10.2.6 with 1 GB RAM.

Funny thing is... I NEVER KNEW ABOUT CTRL-K and CTRL-Y!!! Of course, command-C (copy) and command-V (paste) is disabled on the screen saver, but apparently there's this other way to copy and paste with the control key??!! Crazy.... what other Control Key functions are there? Anyway yes it crashed.


----------



## dracolich (Jul 7, 2003)

Sorry, but here it doesn't work. I too put an object (Tordek the dwarven fighter) on a key, then pressed return 5 minutes later. No crash. 

But since I was there trying, I tried command+alt+del, and discovered that escapepod (an Ambrosia software utility) can force-quit the password protected screensaver... not nice.
Now I'll manually start escapepod only when doing hw intensive tasks (eg playing Jedi Outcast) then log out.

10.2.6 (all patches run) carbon copy cloned on this machine from my previous, updated from 10.1, updated from 10.0, some haxies (ASM, WindowShade, TinkerTools). BSD subsystem installed (anyone who could crash the screensaver, did you install it? Maybe this is the difference).


----------



## kerisbf (Jul 7, 2003)

Has Apple made any comments on this?  I'm curious to know what they have to say on the matter.

-keris


----------



## WinWord10 (Jul 7, 2003)

It crashed for me too. I put a flashlight on the center of the keyboard, waited 6 minutes, and pressed enter. The screen saver immediately quit as if I had entered a correct password, although I suspect it crashed, and I was able to gain full access to the desktop like the article said.

I hope Apple fixes this asap :-\


----------



## Snowball (Jul 7, 2003)

WinWord10 (interesting name btw), you can confirm the crash by going here: ~/Library/Logs/CrashReporter. If there is a ScreenSaverEngine crash log then the screen saver did indeed crash.


----------



## hulkaros (Jul 8, 2003)

WOW! TOO many people report that this "BUG" exists... I hope that Apple will find out the problem and fix it ASAP...


----------



## cybergoober (Jul 8, 2003)

Can't seem to reproduce it in "Panther" so far.

My Mac OS X Server 10.2.6 box Screen Saver didn't crash and dump me to the desktop, but I've been looking at the spinning color wheel for about 5 minutes...

[edit] OK, after 5 minutes the screen went black. I moved the mouse and was prompted with a login window, although it appears that the screen saver engine went belly-up as "Cosmos" is no more. Just a black screen. 
And, indeed, there was a ScreenSaverEngine.crash.log generated 7/8/03.

Results of my testing thus far:
Panther just says "  "
OS X 10.2.6 *Server* ScreenSaverEngine crashes, but does not dump you into the Desktop.


----------



## legacyb4 (Jul 8, 2003)

Let's see...

Assuming I could crack into the computer through SSH as the logged-in user, I could easily kill the screensaver process and thereby gain access to the local machine.

Hey, a bug!


----------



## cybergoober (Jul 8, 2003)

Errr, umm...


----------



## evildan (Jul 8, 2003)

I think this raises an interesting point. You may call it a bug, I call it a reminder to not trust your screen saver app for security. Try logging out when you leave your system rather than using the screen saver for security purposes.

I realize the convenience behind using the screen saver, but with convenience comes lack of security in this case.


----------



## WinWord10 (Jul 8, 2003)

In XP, you can use local security policies to force the system to logout after a period of idleness. Is there a way to do that on OS X too?


----------



## clemare (Jul 8, 2003)

... and the console says:

```
Jul  8 22:16:12 Carlos-Le-Mares-Computer crashdump: Crash report written to: /Users/clemare/Library/Logs/CrashReporter/ScreenSaverEngine.crash.log

2003-07-08 22:16:12.892 ScreenSaverEngine[1367] Exception raised during posting of notification.  Ignored.  exception: *** -[NSCFArray objectAtIndex:]: index (0) beyond bounds (0)
```

and the file mentioned contains:

```
**********

Date/Time:  2003-07-08 22:16:12 -0400
OS Version: 10.2.6 (Build 6L60)
Host:       pc-200-74-1-63.apoquindo2.pc.metropolis-inter.com

Command:    ScreenSaverEngine
PID:        1364

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x01294000

Thread 0 Crashed:
 #0   0x900743b8 in memmove
 #1   0x92be129c in checkpw_internal
 #2   0x92cf4414 in checkpw
 #3   0x000066cc in 0x66cc
 #4   0x930c7e44 in forwardMethod
 #5   0x930c7e44 in forwardMethod
 #6   0x930c1694 in -[NSWindow sendEvent:]
 #7   0x930a8e20 in -[NSApplication sendEvent:]
 #8   0x000074d8 in 0x74d8
 #9   0x930b1dac in -[NSApplication run]
 #10  0x00004678 in 0x4678
 #11  0x00004328 in 0x4328
 #12  0x000041a8 in 0x41a8

Thread 1:
 #0   0x90014d08 in syscall_thread_switch
 #1   0x97e03ef4 in +[NSThread sleepUntilDate:]
 #2   0x93081cac in -[NSUIHeartBeat _heartBeatThread:]
 #3   0x97e2cc50 in forkThreadForFunction
 #4   0x90020d28 in _pthread_body

PPC Thread State:
  srr0: 0x900743b8 srr1: 0x0000f030                vrsave: 0x00000000
   xer: 0x00000000   lr: 0x92be129c  ctr: 0x000000ed   mq: 0x00000000
    r0: 0xe280a2e2   r1: 0xbffff110   r2: 0x80a2e280   r3: 0x01284b8e
    r4: 0x0133b482   r5: 0x00011207   r6: 0xe280a2e2   r7: 0x80a2e280
    r8: 0xa2e280a2   r9: 0xe280a2e2  r10: 0x80a2e280  r11: 0xa2e280a2
   r12: 0x01293ff0  r13: 0x00000000  r14: 0x00000000  r15: 0x00000000
   r16: 0x00000000  r17: 0x00000000  r18: 0x00000000  r19: 0x00000000
   r20: 0x00000000  r21: 0x00000000  r22: 0x0117f410  r23: 0x00000000
   r24: 0x00000000  r25: 0x011aaf70  r26: 0xfffffffd  r27: 0x0132c000
   r28: 0x00000001  r29: 0x0001121f  r30: 0x01284a80  r31: 0x92be1134
```

clemare
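As an added example (not part of clemare's post and not Apple tooling), here is a small triage script for reports in the CrashReporter layout shown above: it reads the crashed thread's backtrace and flags a memory fault in a copy routine reached from the password check, which is the pattern this log shows. The function names `parse_report` and `triage`, the `COPY_ROUTINES` set, and the abridged `SAMPLE` text are assumptions constructed for illustration.

```python
import re

# Constructed sample: abridged from the report layout shown in the post above.
SAMPLE = """\
Command:    ScreenSaverEngine

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x01294000

Thread 0 Crashed:
 #0   0x900743b8 in memmove
 #1   0x92be129c in checkpw_internal
 #2   0x92cf4414 in checkpw

Thread 1:
 #0   0x90014d08 in syscall_thread_switch
"""

FIELD = re.compile(r"^(Command|Exception|Codes):\s+(.*)$")
THREAD = re.compile(r"^Thread (\d+)( Crashed)?:$")
FRAME = re.compile(r"^\s*#(\d+)\s+(0x[0-9a-fA-F]+) in (.+)$")
COPY_ROUTINES = {"memmove", "memcpy", "strcpy", "bcopy"}  # assumed watch list

def parse_report(text):
    """Return header fields plus the symbol names of the crashed thread's frames."""
    report = {"frames": []}
    in_crashed = False
    for line in text.splitlines():
        if m := FIELD.match(line):
            report[m.group(1).lower()] = m.group(2).strip()
        elif m := THREAD.match(line.strip()):
            in_crashed = m.group(2) is not None  # only "Thread N Crashed:" counts
        elif in_crashed and (m := FRAME.match(line)):
            report["frames"].append(m.group(3).strip())
    return report

def triage(report):
    """Flag a memory fault in a copy routine reached from password checking."""
    frames = report["frames"]
    bad_access = report.get("exception", "").startswith("EXC_BAD_ACCESS")
    in_copy = bool(frames) and frames[0] in COPY_ROUTINES
    via_checkpw = any(f.startswith("checkpw") for f in frames[1:4])
    return {
        "lock_process_died": report.get("command") == "ScreenSaverEngine",
        "memory_fault_in_password_check": bad_access and in_copy and via_checkpw,
    }

if __name__ == "__main__":
    print(triage(parse_report(SAMPLE)))
```

A report that trips both flags means the process enforcing the lock died while handling the typed password, so the session should be treated as having been unlocked.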


----------



## solrac (Jul 8, 2003)

> _Originally posted by clemare _
> *
> #3   0x000066cc in 0x66cc
> #4   0x930c7e44 in forwardMethod*



That's the problem right there! I always hated sector 0x000066cc anyway. It's damn unstable and probably rattled up the forwardMethod a bit. They can fix that in a jiffy.


----------



## TME520 (Jul 9, 2003)

It crashed on my iBook running under 10.2.6.


----------



## Veljo (Jul 9, 2003)

WinWord10,
That's a new feature in Mac OS 10.3 (aka Panther). It's been absent for a long time. Thank God they included it.


----------



## scruffy (Jul 14, 2003)

In fact, this problem looks like it's not restricted to screensaver - _any_ Cocoa app with a text input can be made to crash.  Go into Mail.app, add a new account, and type maybe a hundred characters into the password field.  Then copy them all and paste them about forty times.  Hit return and boom!

Anyone who says the screensaver crasher is not really a big problem, since you shouldn't trust your screensaver for security, yadda yadda, is out to lunch.  If Macs are to make it into any serious lab/business setting, you _need_ to be able to lock the workstation when you're just going to be away for a few minutes, without saving and quitting every program.

That being said, you're probably right that the locking functionality and the screensaver functionality should be separate - any security sensitive code should be as isolated as possible from other programs, to avoid unforeseen interactions (bugs in fancy OpenGL eyecandy should never get near account-protecting security measures).  That's Apple's fault though, not the user's, since the only locking function Apple offers is the screensaver.


----------



## wtmcgee (Jul 14, 2003)

hopefully that fix that is rumored to come out in the coming days will not only fix the screensaver, but the problem system wide.


----------



## ksv (Jul 14, 2003)

> _Originally posted by wtmcgee_
> *hopefully that fix that is rumored to come out in the coming days will not only fix the screensaver, but the problem system wide.*



Actually, the Security Update is out already


----------



## wtmcgee (Jul 14, 2003)

yup - i still wonder though - did it fix it system-wide, or just the screensaver issue?


----------



## Arden (Jul 15, 2003)

Well, my iMac still has the base version of 10.2 on it; should I try this, and see if it's a .6 thing?

I also heard that you could get around the screen saver and access the Dock, but I don't know...


----------

