Security update breaks printer drivers, Instant Hijack component

Discussion boards are breaking with reports of SSH and printer problems caused by Apple's late Tuesday release of Mac OS X's Security Update 2008-002. However, fixes can be had.

Discussion boards are breaking with reports of SSH and printer problems caused by Apple's late Tuesday release of Mac OS X's Security Update 2008-002. However, fixes can be had.

Rogue Amoeba Software released a compatibility fix for its Instant Hijack component that is often installed by the company's Airfoil, Audio Hijack Pro, and Nicecast applications. The problem causes SSH and other programs crash on Leopard machines.

The company suggested users to download the updates to its programs.

So, what caused this issue? This was due to a bug in Instant Hijack and is related to a new security feature in Leopard called position-independent executables (PIE). PIE is related to address space layout randomization. The basic effect is to move programs such as ssh to a different place in memory each time they start, making it more difficult for an attacker to exploit them.

Position-independent executables were available in Leopard from the start, and Instant Hijack was written to take them into account. However, nothing on the system actually used this facility when Leopard shipped. That changed with Security Update 2008-002, which includes a copy of ssh and related utilities which were compiled using PIE. At that point, we discovered that Instant Hijack’s PIE support didn’t work correctly.

Instant Hijack’s PIE support expected the program to be loaded at a random address. However, Leopard’s PIE implementation loads a program’s executable code into memory, and then moved it to a new, random address. Instant Hijack briefly inspects each process as it launches, in order to catch those that produce audio. On something like ssh, it exits very early, but that was enough to cause an issue here. Instant Hijack was left looking for the executable code in the original but since-vacated spot, and this triggered a crash.

On Apple's discussion boards users also complained that printing had stopped after installing the security patch. (Another reason to always backup before installing any system update.) Readers said repairing permissions didn't help.

Some users said deleting the /usr/libexec/cups/filter/pstops file (or replacing it from a backup) also worked.

Some readers said that reinstalling the Combo 10.5.2 Updater also worked.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All