TruBlueEnvironment Privilege Escalation Attack

Discussion in 'macOS' started by Eidorian, Mar 27, 2006.

  1. Eidorian macrumors Penryn

    Eidorian

    Joined:
    Mar 23, 2005
    Location:
    Indianapolis
    #1
  2. tag macrumors 6502a

    tag

    Joined:
    Apr 29, 2005
    Location:
    PA, US
    #2
    Am I missing something here? Not only is this article 3+ years old, but it says the fix is to upgrade to Mac OS X 10.2.4 :p.
     
  3. Eidorian thread starter macrumors Penryn

    Eidorian

    Joined:
    Mar 23, 2005
    Location:
    Indianapolis
    #3
    I know. I just found it running and hogging my CPU in 10.4.5. I'd like to know what security options I should take. I really don't want to reformat my drive for a week at least.
     
  4. tag macrumors 6502a

    tag

    Joined:
    Apr 29, 2005
    Location:
    PA, US
    #4
    Well I don't think there are any security options that need to be taken. The security problem in the link shouldn't at all be a problem, especially if you have 10.4.5 as it has been corrected long ago. If you have no need for classic emulation, you could always just turn it off and it won't hog any resouces any more.
     
  5. Eidorian thread starter macrumors Penryn

    Eidorian

    Joined:
    Mar 23, 2005
    Location:
    Indianapolis
    #5
    I don't have my Classic preference pane. It popped in accidentally a few months ago. I deleted it then. I then installed Classic last week and it never came back. :D
     
  6. tag macrumors 6502a

    tag

    Joined:
    Apr 29, 2005
    Location:
    PA, US
    #6
    Well I have two possible options I can think of...

    One would be to kill the process in Terminal, the easiest way..
    in terminal type 'killall TruBlueEnvironment'

    Second you can add the OS9 classic menu extra to your menu bar which lets you toggle classic on and off
    It should be located at.. . System > Library > CoreServices > Menu Extras > Classic.menu (just open Classic.menu like an app and it will add to your menu bar)
    (Though if you dont have a classic pref pane, I dont know if this menu extra will be there or not either)
     
  7. Eidorian thread starter macrumors Penryn

    Eidorian

    Joined:
    Mar 23, 2005
    Location:
    Indianapolis
    #7
    Well I killed the process before I posted. :rolleyes:

    I opened up Terminal and ran top to see what was using my CPU. I had just woken up my iMac from sleep and Exposé was sluggish so I knew something was eating my CPU power. I found that process and no cron running but TruBlueEnvironment was hopping between 70-80% of my CPU. I popped that in Google and found that security mention.

    I guess I'm safe now. I don't need Classic again and I backup weekly. I think I'll just hold out for a few days and watch my process list. I'll format and change my password again.
     
  8. tag macrumors 6502a

    tag

    Joined:
    Apr 29, 2005
    Location:
    PA, US
    #8
    Yeah you should be safe, besides a bit of a slowdown, I don't think there was any real danger. I do agree it is a RAM & resource hogging emulation app, I ran a classic program for a few days strait and had a couple gigs of virtual memory taken up by it and couldn't watch a DVD smoothly till I closed/restarted classic. :mad:

    You don't have to format to get rid of it though , you can just delete it. Link
     
  9. Eidorian thread starter macrumors Penryn

    Eidorian

    Joined:
    Mar 23, 2005
    Location:
    Indianapolis
    #9
    I've heard some horror stories about that. I've already found that page. :D
     
  10. tag macrumors 6502a

    tag

    Joined:
    Apr 29, 2005
    Location:
    PA, US
    #10
    Haha yeah, well as long as you are comfortable with terminal and don't mistype it shouldn't be life threatening, though deleting your 'System' instead of 'System Folder' would definately suck. :D I removed classic off of my powerbook with no problem, course then realized I needed it back a week later. :rolleyes:
     
  11. Eidorian thread starter macrumors Penryn

    Eidorian

    Joined:
    Mar 23, 2005
    Location:
    Indianapolis
    #11
    I don't plan on typing /System there.
     

Share This Page