Please let me know if you can think of any what might have caused the following issue.
Two machines were involved, my 2009 Mac Pro and mid-2012 MacBook Pro, both on 10.8.5. I'm posting this here because ultimately it was my laptop that seems to have been affected, but I mention an issue related to the Mac Pro in case the two issues are connected somehow. Both machines' primarynuser account has the same shortname and user account ID#.
1) Problems with Mac Pro:
Firstly, my Mac Pro was giving me troubles for the first time ever. After I did the latest round of updates, including the latest security update for 10.8.5 (2014-005), the latest Safari, iTunes, Pro App codecs, etc., then I restarted and began downloading images from my iPad. After a few successful such transfers, my system suddenly hung while downloading images from my iPad. The Finder would not relaunch and I could not perform a normal shutdown, so I did a hard reboot.
The Console showed a bunch of errors related to sandboxd blocking Apple qmaster during boot, which never used to happen -- perhaps the newest security update got overzealous? I also deleted a user account called "test" that I did not recognize. Then I rebooted into Safe Mode and then back to normal and ran a permissions repair. I noticed several things including /var/root/Library and /var/root/System were owned by a user "504", presumably the "test" user since my main user is 503. I am worried that is indicative of a breach.
I also noticed a lot of Audio Components in /Library/Audio/Components getting sandboxed from audiod, so I reset their ownership to root:wheel and rebooted, which cleared that problem up.
Now that things seemed to be running smooth again, I proceeded to the next step where my real problems started.
2) Problems with MacBook Pro:
The next thing I did was to attach my MacBook Pro in Target Disk Mode via FireWire 800. Initially, I accidentally attached it to my DigiDesign 002 Rack's input, then realized that was why it was not coming up, because the 002 Rack was not daisy-chained to the Mac Pro. Then I attached it to the Mac Pro.
The MBP's volumes loaded just fine, and I proceeded to copy about 150 GB of photos and downloads to the Mac Pro. After the transfers completed, I ejected all the MBP's volumes and powered off the laptop.
Then I took it downstairs, connected it to its charger, turned it back on, and went to bed while it was booting up.
The next morning, strangely, it was powered off. I turned it back on and got a gray progress bar going across the screen below the Apple logo during boot-up. It took forever but finally the machine simply turned off.
After I arrived at work, I booted into the Recovery partition on the MBP and ran the Repair Disk option on that volume. Under "Checking File System" nothing came up, just said "Volume repair complete." Then it did "Updating boot support partitions" for about 30 minutes until finally in red text the dreaded, "Error: Disk utility can't repair this disk. Back up as many of your files as possible, reformat the disk, and restore your backed-up files."
3) Possible Causes?
I have a backup I can restore from but I am wondering why this happened. I realize this is an academic concern at this point, but I have never had a drive get corrupted by attaching to a different Mac. I've done this procedure before, so why would it suddenly hose me like this? I'd like to avoid this happening again.
My Mac Pro was sitting online for weeks without the bash exploit fix nor the latest security update installed, and with File Sharing and Back to My Mac turned on. Would I be paranoid to think it could have gotten hacked?
It seems more likely this would be caused by something in the sandbox update in the latest OS X screwing up PGP Whole Disk Encryption daemon, a feature I don't use but that might become dangerous if it was malfunctioning.
Thoughts?
4) Possible Solutions?
Other than restoring from backup, is there any reason I shouldn't try Disk Warrior or another similar such recovery utility? Any advice would be helpful as I haven't encountered this particular error before.
Thanks for any input. I'll post relevant log entries later when I can.
Two machines were involved, my 2009 Mac Pro and mid-2012 MacBook Pro, both on 10.8.5. I'm posting this here because ultimately it was my laptop that seems to have been affected, but I mention an issue related to the Mac Pro in case the two issues are connected somehow. Both machines' primarynuser account has the same shortname and user account ID#.
1) Problems with Mac Pro:
Firstly, my Mac Pro was giving me troubles for the first time ever. After I did the latest round of updates, including the latest security update for 10.8.5 (2014-005), the latest Safari, iTunes, Pro App codecs, etc., then I restarted and began downloading images from my iPad. After a few successful such transfers, my system suddenly hung while downloading images from my iPad. The Finder would not relaunch and I could not perform a normal shutdown, so I did a hard reboot.
The Console showed a bunch of errors related to sandboxd blocking Apple qmaster during boot, which never used to happen -- perhaps the newest security update got overzealous? I also deleted a user account called "test" that I did not recognize. Then I rebooted into Safe Mode and then back to normal and ran a permissions repair. I noticed several things including /var/root/Library and /var/root/System were owned by a user "504", presumably the "test" user since my main user is 503. I am worried that is indicative of a breach.
I also noticed a lot of Audio Components in /Library/Audio/Components getting sandboxed from audiod, so I reset their ownership to root:wheel and rebooted, which cleared that problem up.
Now that things seemed to be running smooth again, I proceeded to the next step where my real problems started.
2) Problems with MacBook Pro:
The next thing I did was to attach my MacBook Pro in Target Disk Mode via FireWire 800. Initially, I accidentally attached it to my DigiDesign 002 Rack's input, then realized that was why it was not coming up, because the 002 Rack was not daisy-chained to the Mac Pro. Then I attached it to the Mac Pro.
The MBP's volumes loaded just fine, and I proceeded to copy about 150 GB of photos and downloads to the Mac Pro. After the transfers completed, I ejected all the MBP's volumes and powered off the laptop.
Then I took it downstairs, connected it to its charger, turned it back on, and went to bed while it was booting up.
The next morning, strangely, it was powered off. I turned it back on and got a gray progress bar going across the screen below the Apple logo during boot-up. It took forever but finally the machine simply turned off.
After I arrived at work, I booted into the Recovery partition on the MBP and ran the Repair Disk option on that volume. Under "Checking File System" nothing came up, just said "Volume repair complete." Then it did "Updating boot support partitions" for about 30 minutes until finally in red text the dreaded, "Error: Disk utility can't repair this disk. Back up as many of your files as possible, reformat the disk, and restore your backed-up files."
3) Possible Causes?
I have a backup I can restore from but I am wondering why this happened. I realize this is an academic concern at this point, but I have never had a drive get corrupted by attaching to a different Mac. I've done this procedure before, so why would it suddenly hose me like this? I'd like to avoid this happening again.
My Mac Pro was sitting online for weeks without the bash exploit fix nor the latest security update installed, and with File Sharing and Back to My Mac turned on. Would I be paranoid to think it could have gotten hacked?
It seems more likely this would be caused by something in the sandbox update in the latest OS X screwing up PGP Whole Disk Encryption daemon, a feature I don't use but that might become dangerous if it was malfunctioning.
Thoughts?
4) Possible Solutions?
Other than restoring from backup, is there any reason I shouldn't try Disk Warrior or another similar such recovery utility? Any advice would be helpful as I haven't encountered this particular error before.
Thanks for any input. I'll post relevant log entries later when I can.
